Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus or malware - it is very slow . . .

Started by MickFee , Dec 07 2010 06:33 PM

  • This topic is locked This topic is locked

#1
MickFee
Posted 07 December 2010 - 06:33 PM

MickFee

    Member

  • Member
  • PipPip
  • 18 posts
First post from a very slow PC. Running in "safe mode" because the "normal" mode is far too slow.

I've tried to work out what is causing the problems. I've managed to remove McAfee at last (after running the MCHP tool) and I don't think it comes up in the logs. There is a mention of Trend Microcillin though and I am wondering if this is hampering/conflicting with the AVG I am running.

I hasten to add the Trend has been removed through "Programs Install/Delete" in Windows, but I am still seeing a trace here.

Additionally, on shut down from a "normal" boot I am seeing a "This program will not shut down" box - and the program is a heap of Chinese characters that, talented though I am, I have no idea what it is all about.

Anyway, here's the OTL log. It was run in Safe Mode, simply because the "normal" boot took forever. I'd love to know what's going on . . .


OTL logfile created on: 12/8/2010 11:13:22 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 24.00% Memory free
547.00 Mb Paging File | 386.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.97 Gb Free Space | 75.08% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/08 11:12:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/26 19:43:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/26 19:43:57 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/08 11:12:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/12/16 18:26:38 | 000,480,520 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/09/18 11:25:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/24 17:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 17:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/18 11:27:46 | 000,065,936 | ---- | M] (trend_company_name) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/09/18 11:27:44 | 001,126,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/09/18 11:27:44 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/09/18 11:27:44 | 000,203,024 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2007/09/18 11:27:44 | 000,036,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.c...://au.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Http://www.synnex.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 12:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/14 11:08:18 | 000,000,000 | ---D | M]

[2010/12/02 12:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/12/08 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o5rawhcm.default\extensions
[2010/12/08 11:07:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o5rawhcm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 12:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 18:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 18:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 18:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 18:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 23:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 11:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/12/02 12:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2010/12/02 12:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2010/12/02 12:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/12/02 12:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
[2010/12/02 12:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/12/02 12:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/12/02 11:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/12/02 11:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/12/02 11:51:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/12/02 11:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/12/02 11:29:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/11/13 12:26:15 | 000,000,000 | -HSD | C] -- C:\found.000
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 11:06:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 11:06:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 10:45:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/08 10:44:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/08 10:26:58 | 068,644,110 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2010/12/08 10:03:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 20:31:04 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
[2010/12/03 07:41:50 | 068,414,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/08 10:08:54 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MCPR.exe
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/02 11:46:44 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Administrator\avgrep.txt
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/06/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/02/29 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/06/10 14:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/04/06 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigPond
[2005/01/26 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/07 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2009/12/31 15:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/12/28 10:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/01 16:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/02/27 12:16:39 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >

OTL Extras logfile created on: 12/8/2010 11:13:22 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 24.00% Memory free
547.00 Mb Paging File | 386.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.97 Gb Free Space | 75.08% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{239674EC-7B5D-4E2E-8456-2EF9C4A8C325}" = Garmin City Navigator Australia and New Zealand NT 2010.20 Update
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5784C0-06BB-4884-A7C4-89CC206EA2B6}" = ninemsn Toolbar
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA110D11-7F62-4FE9-91B4-57ED480C1C9F}" = Picture Organiser
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG9Uninstall" = AVG Free 9.0
"Enable S3 for USB Device" = Enable S3 for USB Device
"e-tax 2005" = e-tax 2005
"e-tax 2007" = e-tax 2007
"e-tax 2008" = e-tax 2008
"getPlus®_ocx" = getPlus®_ocx
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"QuickTime" = QuickTime
"SiS 650" = SiS 650
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Search Defender" = Yahoo! Search Protection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2010 1:15:59 AM | Computer Name = CHARLIE | Source = Application Hang | ID = 1001
Description = Fault bucket 21252087.

Error - 11/13/2010 1:16:28 AM | Computer Name = CHARLIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 11/13/2010 1:16:33 AM | Computer Name = CHARLIE | Source = Application Hang | ID = 1001
Description = Fault bucket 21252087.

Error - 11/24/2010 12:44:47 AM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 8:27:22 PM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.868, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 8:27:22 PM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.868, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 8:27:22 PM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.868, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 8:27:22 PM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.868, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 9:21:58 PM | Computer Name = CHARLIE | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x000099b1.

Error - 12/6/2010 6:44:31 PM | Computer Name = CHARLIE | Source = Application Hang | ID = 1002
Description = Hanging application etax2009.exe, version 2009.1.0.623, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/7/2010 7:13:45 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 12/7/2010 7:14:48 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 12/7/2010 7:14:48 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 12/7/2010 7:46:10 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 12/7/2010 7:46:56 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 12/7/2010 7:46:56 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 12/7/2010 7:47:02 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 12/7/2010 8:01:26 PM | Computer Name = CHARLIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/7/2010 8:01:37 PM | Computer Name = CHARLIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/7/2010 8:02:39 PM | Computer Name = CHARLIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SPBBCDrv tmtdi


< End of report >


Edit here - and I am not bumping the topic, promise.

I've persevered and run OTL in "normal" mode. Here is the log of the scan:

OTL logfile created on: 8/12/2010 11:43:30 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Peter's Crap\OTL(Safe)
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

223.00 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 52.00% Memory free
547.00 Mb Paging File | 194.00 Mb Available in Paging File | 36.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.74 Gb Free Space | 74.67% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: MICHAEL FEEHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/08 11:12:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Peter's Crap\OTL(Safe)\OTL.exe
PRC - [2010/12/02 14:30:03 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 14:24:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/18 10:24:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/18 10:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/08 13:10:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2002/11/17 19:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/08 11:12:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Peter's Crap\OTL(Safe)\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/12/16 18:26:38 | 000,480,520 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/09/18 11:25:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/24 17:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 17:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/18 11:27:46 | 000,065,936 | ---- | M] (trend_company_name) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/09/18 11:27:44 | 001,126,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/09/18 11:27:44 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/09/18 11:27:44 | 000,203,024 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2007/09/18 11:27:44 | 000,036,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 12:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/14 11:08:18 | 000,000,000 | ---D | M]

[2010/07/08 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Extensions
[2010/12/02 13:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions
[2010/07/08 12:55:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 12:21:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/08 12:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 18:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 18:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 18:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 18:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 23:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{faa2539a-fdb8-11df-ba3f-000fea210534}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 12:26:15 | 000,000,000 | -HSD | C] -- C:\found.000
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 11:34:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/08 11:32:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/08 11:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 11:32:22 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 11:06:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/08 10:26:58 | 068,644,110 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2010/12/08 10:03:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/03 07:41:50 | 068,414,509 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/13 16:19:42 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Microsoft Office Shortcut Bar.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/08 11:32:22 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,221,175 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HPSU_48BitScanUpdate.log
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/10/25 15:21:51 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,003,015 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_InstantShareJPG.log
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,121,262 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/19 12:16:52 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 11:02:19 | 000,002,817 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_PROTOCOL.log
[2006/01/15 11:02:19 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_UI.log
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 11:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_API.log
[2006/01/03 18:07:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\fusioncache.dat
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/06/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/02/29 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/06/10 14:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/04/06 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigPond
[2005/01/26 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/07 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2009/12/31 15:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/18 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/12/28 10:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/01 16:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/01/25 12:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\AVG7
[2007/04/06 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\BigPond
[2009/12/31 15:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\GARMIN
[2007/09/02 21:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Leadertech
[2008/01/25 14:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\MSNInstaller
[2006/12/26 19:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Template
[2010/02/27 12:16:39 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >


Thanks again in advance.

Edited by MickFee, 07 December 2010 - 07:27 PM.

  • 0

Advertisements

#2
emeraldnzl
Posted 15 December 2010 - 05:43 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello MickFee,

Welcome to Geekstogo.

You have had Norton Antivirus on your computer at some stage. It has not been properly removed.

Firstly please go to Start > Control Panel > Add or remove Programs (Programs in Vista) and remove all items with Symantec or Norton in the name if any are there.

Then

Go here Norton Removal Tool to remove left over bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal progam. If you don't know the version just proceed, it should still work.

Step 2t

Download and run TrendMicro removal tool

After that

Please check that your Java is up to date. Older versions are vunerable to attack.

Follow these steps:

  • Download from here Java Runtime Environment (JRE) Update
  • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.

    Reboot your computer.
    You also need to uininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Next

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • OTL scan log

  • 0

#3
MickFee
Posted 16 December 2010 - 06:30 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK Emeraldnzl (Kiwi?) I have:

Removed Norton/Symantec via Uninstall Programs in XP and have run the downloaded Norton Uninstall program.

I have downloaded the Trend Micro Removal Tool and run it.

I have updated Java and removed all older versions.

Rebooted and run OTL with the copied and pasted code. Here is the log of the OTL Fixed:

All processes killed
========== OTL ==========
Error: No service named 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 was found to stop!
Service\Driver key 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 not found.
File C:\WINDOWS\TEMP\011132~1.EXE not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 657853 bytes
->Temporary Internet Files folder emptied: 3378778 bytes
->FireFox cache emptied: 29185541 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: carol

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 57440 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: MICHAEL FEEHAN
->Temp folder emptied: 337704207 bytes
->Temporary Internet Files folder emptied: 36820840 bytes
->Java cache emptied: 64592607 bytes
->FireFox cache emptied: 50196117 bytes
->Flash cache emptied: 53631 bytes

User: NetworkService
->Temp folder emptied: 562042 bytes
->Temporary Internet Files folder emptied: 3016723 bytes

User: New Folder

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2258205 bytes
%systemroot%\System32 .tmp files removed: 7362577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142027180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63214152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5754025 bytes

Total Files Cleaned = 712.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: carol

User: Default User

User: Guest

User: LocalService

User: MICHAEL FEEHAN
->Flash cache emptied: 0 bytes

User: NetworkService

User: New Folder

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12172010_105550

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






Upon reboot, I have run a full OTL scan and here is that scan's log:




OTL logfile created on: 17/12/2010 11:09:24 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

223.00 Mb Total Physical Memory | 18.00 Mb Available Physical Memory | 8.00% Memory free
547.00 Mb Paging File | 90.00 Mb Available in Paging File | 17.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 42.04 Gb Free Space | 75.20% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: MICHAEL FEEHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
PRC - [2010/12/02 14:30:03 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 14:24:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/18 10:24:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/18 10:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/26 19:43:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/08 13:10:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/11/17 19:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/12/16 18:26:38 | 000,480,520 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/09/18 11:25:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/24 17:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 17:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/18 11:27:46 | 000,065,936 | ---- | M] (trend_company_name) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/09/18 11:27:44 | 001,126,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/09/18 11:27:44 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/09/18 11:27:44 | 000,203,024 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2007/09/18 11:27:44 | 000,036,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 12:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 10:20:57 | 000,000,000 | ---D | M]

[2010/07/08 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Extensions
[2010/12/17 09:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions
[2010/07/08 12:55:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 12:21:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/17 10:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 10:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/26 18:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 18:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 18:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 18:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/17 10:58:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{faa2539a-fdb8-11df-ba3f-000fea210534}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 10:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/17 10:20:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/16 15:59:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll

========== Files - Modified Within 30 Days ==========

[2010/12/17 11:07:42 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/17 11:05:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/17 11:03:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/17 11:02:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/17 11:00:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 10:59:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 10:59:50 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 10:58:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/17 10:35:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/17 09:04:55 | 069,002,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/16 16:23:31 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 16:11:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 15:36:46 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Windows Update.lnk
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

========== Files Created - No Company Name ==========

[2010/12/17 11:07:40 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/08 11:32:22 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,221,175 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HPSU_48BitScanUpdate.log
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/10/25 15:21:51 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,003,015 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_InstantShareJPG.log
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,121,262 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/19 12:16:52 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 11:02:19 | 000,002,817 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_PROTOCOL.log
[2006/01/15 11:02:19 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_UI.log
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 11:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_API.log
[2006/01/03 18:07:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\fusioncache.dat
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >


Referred for your information and further advice please.

All the Best

Mick
  • 0

#4
emeraldnzl
Posted 16 December 2010 - 07:16 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello MickFee,

Interesting, there is still a whole lot of bits and pieces there from those anti-virus programs.

Kiwi?


Yep. :D

Before we start this time we will disable AVG in case that is interfering with our tools.

Now

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Step 2

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/12/16 18:26:38 | 000,480,520 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2007/09/18 11:25:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
DRV - [2007/12/24 17:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 17:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/18 11:27:46 | 000,065,936 | ---- | M] (trend_company_name) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/09/18 11:27:44 | 001,126,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/09/18 11:27:44 | 000,333,328 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2007/09/18 11:27:44 | 000,203,024 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2007/09/18 11:27:44 | 000,036,112 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
When you return please post
  • OTL fix log
  • OTL scan log
  • 0

#5
MickFee
Posted 17 December 2010 - 06:06 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Well, now I've got some real problems. Here's the story so far:

Thanks for the very prompt response !!

OK, I disabled AVG, ran the OTL "Fix" with requested copy/paste addition.

After running, no report was generated and I was asked to reboot. I did so, still no report generated. Hmmmm.

So, I ran the "Fix" again, but at the "reboot" request, cancelled and a log was generated. Here it is, I hope it is of some use:

========== OTL ==========
Error: No service named 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 was found to stop!
Service\Driver key 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 not found.
File C:\WINDOWS\TEMP\011132~1.EXE not found.
Error: No service named TMBMServer was found to stop!
Service\Driver key TMBMServer not found.
File C:\Program Files\Trend Micro\BM\TMBMSRV.exe not found.
Error: No service named TmPfw was found to stop!
Service\Driver key TmPfw not found.
File C:\Program Files\Trend Micro\Internet Security\TmPfw.exe not found.
Error: No service named tmproxy was found to stop!
Service\Driver key tmproxy not found.
File C:\Program Files\Trend Micro\Internet Security\TmProxy.exe not found.
Error: No service named tmactmon was found to stop!
Service\Driver key tmactmon not found.
File C:\WINDOWS\system32\drivers\tmactmon.sys not found.
Error: No service named tmevtmgr was found to stop!
Service\Driver key tmevtmgr not found.
File C:\WINDOWS\system32\drivers\tmevtmgr.sys not found.
Error: No service named tmcomm was found to stop!
Service\Driver key tmcomm not found.
File C:\WINDOWS\system32\drivers\tmcomm.sys not found.
Error: No service named tmtdi was found to stop!
Service\Driver key tmtdi not found.
File C:\WINDOWS\system32\drivers\tmtdi.sys not found.
Error: No service named vsapint was found to stop!
Service\Driver key vsapint not found.
File C:\WINDOWS\system32\drivers\vsapint.sys not found.
Error: No service named tmcfw was found to stop!
Service\Driver key tmcfw not found.
File C:\WINDOWS\system32\drivers\TM_CFW.sys not found.
Error: No service named tmxpflt was found to stop!
Service\Driver key tmxpflt not found.
File C:\WINDOWS\system32\drivers\tmxpflt.sys not found.
Error: No service named tmpreflt was found to stop!
Service\Driver key tmpreflt not found.
File C:\WINDOWS\system32\drivers\tmpreflt.sys not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 12182010_100120


Now, as requested, the Scan was run and here is the report that that generated:


OTL logfile created on: 18/12/2010 10:03:16 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

223.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 26.00% Memory free
547.00 Mb Paging File | 152.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.99 Gb Free Space | 75.12% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: MICHAEL FEEHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/18 09:40:22 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/18 09:40:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
PRC - [2010/12/02 14:30:03 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 14:24:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/18 10:24:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/18 10:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/24 20:15:10 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/08 13:10:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/11/17 19:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google%20chrome/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 09:40:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 09:40:35 | 000,000,000 | ---D | M]

[2010/07/08 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Extensions
[2010/12/17 09:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions
[2010/07/08 12:55:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 12:21:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/17 10:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 10:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/18 09:40:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/18 09:40:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/18 09:40:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/18 09:40:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/17 10:58:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{faa2539a-fdb8-11df-ba3f-000fea210534}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 10:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/17 10:20:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/16 15:59:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll

========== Files - Modified Within 30 Days ==========

[2010/12/18 10:03:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 09:58:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/18 09:57:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/18 09:56:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 09:55:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/18 09:55:22 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 08:17:34 | 069,035,195 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/17 11:07:42 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/17 10:58:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/17 10:35:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/16 16:23:31 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 16:11:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 15:36:46 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Windows Update.lnk
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

========== Files Created - No Company Name ==========

[2010/12/17 11:07:40 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/08 11:32:22 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,221,175 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HPSU_48BitScanUpdate.log
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/10/25 15:21:51 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,003,015 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_InstantShareJPG.log
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,121,262 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/19 12:16:52 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 11:02:19 | 000,002,817 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_PROTOCOL.log
[2006/01/15 11:02:19 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_UI.log
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 11:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_API.log
[2006/01/03 18:07:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\fusioncache.dat
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >



I have since switched AVG "back on".

Here is the real difficulty - I have lost internet access on the affected machine and am posting this on another PC at this address. I have tried both IE and Firefox and neither will connect.

Any ideas?

All the Best

Mick
  • 0

#6
emeraldnzl
Posted 17 December 2010 - 06:29 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

After running, no report was generated and I was asked to reboot. I did so, still no report generated.


For your future reference a copy of an OTL fix log is saved in a text file at

* :\_OTL\Moved Files
in most cases this will be C:\_OTL\Moved Files

So, I ran the "Fix" again


That second one shows items not found etc. The scan shows the fix must have worked on the first run.

I have lost internet access on the affected machine and am posting this on another PC at this address.


Try this:

Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the contents inside the Code box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.

Come back and tell me if that makes a difference.

If you run into difficulties or if something doesn't work as expected please come back and tell me before trying something else. :D
  • 0

#7
MickFee
Posted 17 December 2010 - 07:54 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK, before I got your message regarding the TCP/IP "reset" I did a System Restore to the very recent past and got Internet Access back.

Probably not what you really wanted, and for that I apologise in advance, however, here comes a two-part post.

I ran the "Fix" again, and this time did not reboot before getting the Log. Here it is:

========== OTL ==========
Error: No service named 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 was found to stop!
Service\Driver key 0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088 not found.
File C:\WINDOWS\TEMP\011132~1.EXE not found.
Service TMBMServer stopped successfully!
Service TMBMServer deleted successfully!
C:\Program Files\Trend Micro\BM\TMBMSRV.exe moved successfully.
Service TmPfw stopped successfully!
Service TmPfw deleted successfully!
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe moved successfully.
Service tmproxy stopped successfully!
Service tmproxy deleted successfully!
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe moved successfully.
Service tmactmon stopped successfully!
Service tmactmon deleted successfully!
C:\WINDOWS\system32\drivers\tmactmon.sys moved successfully.
Service tmevtmgr stopped successfully!
Service tmevtmgr deleted successfully!
C:\WINDOWS\system32\drivers\tmevtmgr.sys moved successfully.
Error: Unable to stop service tmcomm!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcomm deleted successfully.
C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
Error: Unable to stop service tmtdi!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmtdi deleted successfully.
C:\WINDOWS\system32\drivers\tmtdi.sys moved successfully.
Error: Unable to stop service vsapint!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsapint deleted successfully.
C:\WINDOWS\system32\drivers\vsapint.sys moved successfully.
Error: Unable to stop service tmcfw!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcfw deleted successfully.
C:\WINDOWS\system32\drivers\TM_CFW.sys moved successfully.
Service tmxpflt stopped successfully!
Service tmxpflt deleted successfully!
C:\WINDOWS\system32\drivers\tmxpflt.sys moved successfully.
Service tmpreflt stopped successfully!
Service tmpreflt deleted successfully!
C:\WINDOWS\system32\drivers\tmpreflt.sys moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.17.3 log created on 12182010_124153

Now, I am about to reboot and run the scan again. If I have Internet access problems with this PC again, be assured I won't be doing a Sytem Restore, I'll do as you instructed earlier and if that doesn't work I'll let you know and await instructions.

Hope this doesn't cause you too many problems

Mick
  • 0

#8
MickFee
Posted 17 December 2010 - 08:20 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Back again with Part 2 - and on the "other" computer.

Running the "Fix" causes the PC to lose internet connectivity. I checked the DNS settings and it is configured to automatic, I also ran the "ipconfig" and it made no difference either. Still no internet connectivity.

I am not going to do anything further till I hear from you. Here's the Scan Log, transferred from the affected machine:

OTL logfile created on: 18/12/2010 1:00:44 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

223.00 Mb Total Physical Memory | 42.00 Mb Available Physical Memory | 19.00% Memory free
547.00 Mb Paging File | 245.00 Mb Available in Paging File | 45.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.84 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: CHARLIE | User Name: MICHAEL FEEHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
PRC - [2010/12/02 14:30:03 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 14:24:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/18 10:24:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/18 10:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/24 20:15:10 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/08 13:10:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/31 17:04:48 | 000,942,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/11/17 19:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 11:50:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 11:50:29 | 000,000,000 | ---D | M]

[2010/07/08 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Extensions
[2010/12/18 09:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions
[2010/07/08 12:55:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 12:21:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/18 10:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 10:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/18 09:40:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/18 09:40:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/18 09:40:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/18 09:40:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/17 10:58:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{faa2539a-fdb8-11df-ba3f-000fea210534}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 11:50:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/12/17 10:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/17 10:20:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/16 15:59:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/18 13:03:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 12:59:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/18 12:58:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/18 12:57:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 12:56:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/18 12:56:29 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 12:33:23 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/18 12:17:39 | 069,053,758 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/17 10:58:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/17 10:35:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/16 16:23:31 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 16:11:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 15:36:46 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Windows Update.lnk
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/19 05:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/18 12:33:22 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/18 11:34:59 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,221,175 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HPSU_48BitScanUpdate.log
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/10/25 15:21:51 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,003,015 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_InstantShareJPG.log
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,121,262 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/19 12:16:52 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 11:02:19 | 000,002,817 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_PROTOCOL.log
[2006/01/15 11:02:19 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_UI.log
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 11:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_API.log
[2006/01/03 18:07:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\fusioncache.dat
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >


That's about it from me.

All the Best

Mick
  • 0

#9
emeraldnzl
Posted 17 December 2010 - 08:42 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Interesting. Something to do with those Trend Micro ones seems to have messed up your internet connection.

Before we go to a System Restore again:

Try this to reset TCP/IP

  • click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh int ip reset resetlog.txt - note the spaces...they should be there.
  • Reboot the computer.
If that works come back and tell me, if it doesn't do this:

Right click on My Computer > Manage and click on Device Manager (under System Tools - list on left hand side)

Scroll down to Network Adaptors and see if there are any warning signs there. If you see a yellow warning sign next to a name, double click its name to figure out what the problem is. Windows will explain why the device is temporarily out of work, and may even advise you to run its troubleshooter program. Try that.

If that solves the problem well and good. If not come back and tell me what happened.
  • 0

#10
MickFee
Posted 19 December 2010 - 06:26 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Howdy!!

The IP reset worked. I'm now back on the "problem" PC and am able to "talk" to you.

Now I've had a look in System Properties and there are some interesting indications. The "Hardware" Network adapter is OK (it's a SIS 900 PCI Fast Ethernet Adapter). Directly underneath I have two "warnings" - :

SIS 900 PCI Fast Ethernet Adapter - Trend Micro Common Firewall Miniport

Then

WAN Miniport (IP)- Trend Micro Common Firewall Miniport.

Both of these entries have the "yellow exclamation mark" indicating all is not well.

I am going to attach an OTL scan, done as soon as I rebooted. No other adjustments or tweaks have been made.

I'll also reboot the machine and see if it retains its internet connectivity and advise.

All the Best

Mick

OTL logfile created on: 20/12/2010 11:07:49 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

223.00 Mb Total Physical Memory | 6.00 Mb Available Physical Memory | 3.00% Memory free
596.00 Mb Paging File | 64.00 Mb Available in Paging File | 11.00% Paging File free
Paging file location(s): c:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 41.86 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.98 Gb Free Space | 52.48% Space Free | Partition Type: FAT

Computer Name: CHARLIE | User Name: MICHAEL FEEHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
PRC - [2010/12/02 14:30:03 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/02 14:24:08 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/18 10:24:00 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/10/18 10:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/10/18 10:06:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/26 19:43:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/26 19:43:57 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2009/03/08 13:10:04 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/11/17 19:36:16 | 000,303,104 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/17 10:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MICHAEL FEEHAN\My Documents\Downloads\OTL.exe
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\011132~1.EXE -- (0111321199571088mcinstcleanup) McAfee Application Installer Cleanup (0111321199571088)
SRV - [2010/10/18 10:23:03 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (BiPAC 3011G WLAN 11g USB Adapter(Billion)) BiPAC 3011G WLAN 11g USB Adapter Driver(Billion)
DRV - [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/18 10:25:00 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/10/18 10:23:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/10/18 10:10:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/19 05:08:22 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 15:25:00 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 12:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/28 14:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/03/20 14:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/08/29 23:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 01:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/30 12:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 11:50:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 11:50:29 | 000,000,000 | ---D | M]

[2010/07/08 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Extensions
[2010/12/18 09:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions
[2010/07/08 12:55:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 12:21:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Mozilla\Firefox\Profiles\4x4y2nmu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/18 10:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 10:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/18 09:40:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/18 09:40:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/18 09:40:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/18 09:40:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/17 10:58:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201563106031 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187672878515 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/24 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/31 11:49:56 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 11:50:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/12/17 10:55:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/17 10:20:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/17 10:20:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/16 15:59:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2004/10/11 20:46:32 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltefx13n.dll
[2004/01/19 15:31:00 | 000,153,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltfil13n.DLL
[2004/01/19 14:31:06 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfiff13n.dll
[2004/01/19 14:31:06 | 000,020,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfCUT13n.dll
[2004/01/19 13:31:50 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltkrn13n.dll
[2004/01/19 13:12:00 | 000,089,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfcgm13n.dll
[2004/01/19 12:49:52 | 000,278,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFJ2K13n.dll
[2004/01/19 12:49:08 | 000,180,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng13n.dll
[2004/01/19 12:47:36 | 000,076,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwmf13n.dll
[2004/01/19 12:47:04 | 000,509,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMW13n.dll
[2004/01/19 12:45:38 | 000,420,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP13n.DLL
[2004/01/19 12:44:52 | 000,143,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lftif13n.dll
[2004/01/19 12:36:48 | 000,056,832 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpsd13n.dll
[2004/01/19 12:36:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd13n.dll
[2004/01/19 12:36:32 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcx13n.dll
[2004/01/19 12:36:24 | 000,065,536 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct13n.dll
[2004/01/19 12:36:18 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmsp13n.dll
[2004/01/19 12:35:56 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfmac13n.dll
[2004/01/19 12:35:34 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfimg13n.dll
[2004/01/19 12:34:50 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfclp13n.dll
[2004/01/19 12:34:42 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfbmp13n.dll
[2004/01/19 12:33:48 | 000,444,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltimg13n.dll
[2004/01/19 12:32:18 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS13n.dll
[2000/05/02 05:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[1999/11/19 00:00:00 | 000,284,032 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Program Files\XceedZip.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 11:03:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/20 11:00:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/20 10:58:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/20 10:58:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 10:58:07 | 234,409,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 10:09:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/18 12:33:23 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/18 12:17:39 | 069,053,758 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/17 10:58:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/17 10:35:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/16 16:23:31 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 16:11:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 15:36:46 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Windows Update.lnk
[2010/12/02 12:15:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 10:56:32 | 000,002,145 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\resetlog.txt
[2010/12/18 12:33:22 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Desktop\Shortcut to Downloads.lnk
[2010/12/18 11:34:59 | 234,409,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 12:15:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:04:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/15 10:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/27 20:52:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/15 10:03:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/25 15:27:22 | 000,221,175 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/10/25 15:27:22 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/25 15:26:22 | 000,002,219 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HPSU_48BitScanUpdate.log
[2006/10/25 15:26:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/25 15:21:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2006/10/25 15:21:51 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2006/10/25 15:21:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/10/25 15:11:44 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
[2006/10/25 15:11:44 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/10/25 15:10:55 | 000,003,015 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_InstantShareJPG.log
[2006/10/25 15:10:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/10/25 15:01:39 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\PatchUpdate_IZClosingDiscError.log
[2006/10/25 15:01:39 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/24 19:56:54 | 000,121,262 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2006/04/24 19:56:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/19 12:16:52 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 11:02:19 | 000,002,817 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_PROTOCOL.log
[2006/01/15 11:02:19 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_UI.log
[2006/01/15 11:02:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/01/15 11:02:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Application Data\Hewlett-PackardHP PSC 1400 series1136271544_API.log
[2006/01/03 18:07:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\MICHAEL FEEHAN\Local Settings\Application Data\fusioncache.dat
[2006/01/03 17:49:20 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/06 18:54:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.MICHAEL FEEHAN.ini
[2005/09/21 23:41:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 10:36:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/02/01 13:17:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/26 19:20:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/01/26 17:57:33 | 000,000,517 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/11/29 14:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/25 00:27:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/24 17:02:07 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/24 16:52:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/06/24 16:48:58 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/06/24 16:48:58 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/06/24 16:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/06/24 16:44:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >
  • 0

Advertisements

#11
MickFee
Posted 19 December 2010 - 06:55 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Rebooted and I've still got internet capabilities (hooray).

Mick
  • 0

#12
emeraldnzl
Posted 19 December 2010 - 07:03 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello MickFee,

Download the McAfee removal tool from here and save the file to your desktop.

Close all McAfee Application windows you may have open, and double-click on MCPR.exe to start the removal tool.

Note: Windows Vista users will have to right-click on the file and select "Run as Administrator"

After the removal tool finishes, you should be prompted to restart your computer.

Once the computer restarts, your McAfee product should be uninstalled.

Next

Disable AVG as it will interfere with the next tool we want to use. It's possible that even this won't be enough and you may have to uninstall it temporarily.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

After that

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#13
MickFee
Posted 19 December 2010 - 07:55 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thanks for the very quick response.

I've run MCPR.exe without incident, it's ebooted and all is well.

The Combo Fix on the other hand is giving me grief.

I have disabled AVG's Resident Shield, and run the Combo Fix, but it will not progress, stating that I need to uninstall AVG as to "continue would cause problems".

Understandably, I am a little reluctant to uninstall the thing as it takes quite a long while to re-install, what with the antivirus profiles and such.

I'll be guided by you in this. If needs be I'll uninstall it, but is there a workaround by a selective boot of the machine?

All the Best

Mick
  • 0

#14
MickFee
Posted 19 December 2010 - 08:23 PM

MickFee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Of course, I didn't read your earlier advice - I now see where you indicated I may have to uninstall AVG.

I am going to do that now, re-run Combo-Fix and let you know how things are here.

All the Best

Mick
  • 0

#15
emeraldnzl
Posted 19 December 2010 - 08:51 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
:D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP