More Google Redirect



#1
MoparMan

Hi guys...
I inherited the Google Redirect thing a little while ago and at first I "solved" my problem by changing browser from IE to Firefox....seemed to work ok there but over time it went back to the way it was on IE...I then moved to Google Chrome as I was checking out new browsers anyway and it was fine for about a month?
It's back and is frustrating...
I have read a few threads on this forum and tried TDSSKiller to no avail...can anyone help me please
Here's the OTL log:



OTL logfile created on: 15/05/2011 1:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 293.26 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 13:10:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pc\Desktop\TDSSKiller.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/03/15 11:26:37 | 001,039,360 | ---- | M] () -- C:\Program Files\Winrar\WinRAR.exe
PRC - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/18 10:24:08 | 001,733,120 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/27 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 16:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 13:10:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
MOD - [2011/04/21 03:00:24 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/21 03:00:24 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/21 05:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/31 14:00:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 14:00:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/27 11:11:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 10:55:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 17:34:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/06 14:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 13:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 12:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 12:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/11 20:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/27 17:45:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/15 13:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 1D 22 DC 7F F6 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/28 18:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 10:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 08:52:36 | 000,000,000 | ---D | M]

[2011/02/20 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Extensions
[2011/05/15 09:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions
[2011/02/21 18:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 11:22:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/19 11:19:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 11:21:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/02/20 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 10:55:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/08/28 18:45:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/15 12:52:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell - "" = AutoRun
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 13:10:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:02:07 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pc\Desktop\TDSSKiller.exe
[2011/05/15 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\GooredFix Backups
[2011/05/15 13:00:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B74B227-BABC-4B1E-927E-EE17FF5B3206}
[2011/05/15 12:51:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/14 07:02:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EE23E3DF-A4AE-441C-A14D-956B5A298FB5}
[2011/05/13 19:01:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9A2E7B46-DC60-44D4-A84B-E0CB6C949F38}
[2011/05/13 07:01:14 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6237C9CB-F2ED-4D7A-9A9F-D59F7B8549BA}
[2011/05/12 07:03:34 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{2A38AFB8-DC2B-4FE7-BB22-A0C25DF0F114}
[2011/05/11 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{94603D46-1D4C-4CD4-B485-D52C665E71A2}
[2011/05/11 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 17:55:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/11 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9B7BC8F1-6D47-4A47-A272-FCFA1D074491}
[2011/05/10 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FC394DD6-3E54-4E53-AE12-03B56501BC13}
[2011/05/04 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{996E0334-AC8F-40F3-A14E-09B01B393862}
[2011/05/04 05:22:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6252B7F2-5434-4FD5-AD60-103B9D1FCDF3}
[2011/05/03 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8692AC28-A3CE-4647-A922-0877694B35A7}
[2011/05/03 05:21:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6EC451ED-80BA-4F58-B0F2-5F41F8810E17}
[2011/05/02 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{834997CA-BB34-4D60-90F6-5478F5E14C95}
[2011/05/02 05:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{23AE77A7-887B-4F1D-A0E3-62DD7EB547EC}
[2011/05/01 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FA0FA6DF-E73F-48BC-9BD3-5D5AB78755D9}
[2011/05/01 05:18:44 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FCB6F5EF-44BE-4DCB-8EF7-55F8FD3186B7}
[2011/04/30 23:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/04/30 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Canon
[2011/04/30 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira
[2011/04/30 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AA3910BA-085E-4BB4-90BC-7F745F3D5C7F}
[2011/04/30 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/30 11:53:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/30 11:52:59 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/30 11:52:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/30 05:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BD326615-C618-4958-ADA5-7C8091C9E098}
[2011/04/29 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{336B9840-981B-48F6-B32F-4893C17E55C6}
[2011/04/29 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{4CBA3D66-8E05-4322-9C2F-DE2354C3E2D5}
[2011/04/28 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6DEEA9D1-362B-408B-BBC8-ED128AB7912E}
[2011/04/27 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{264A6C8B-5067-4EB1-BD30-5F4931055EAC}
[2011/04/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EB2AA585-D3E3-4EE6-BE97-4413F1600E17}
[2011/04/25 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{594AD3DA-C440-4F17-9A68-19090DD6C272}
[2011/04/25 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8A30DCB5-0A2E-4DDD-BD0A-72E23A429BA9}
[2011/04/24 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AD1C6D00-5D3C-4470-97E3-F3FB6406BBA2}
[2011/04/23 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C20A84AE-B1C6-4AC2-80AC-0F63C46112FF}
[2011/04/23 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9EC803BE-BBA0-48ED-BFBE-19F7ADD4A393}
[2011/04/21 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{764DA173-C74B-47FC-AE3C-12B1C2A55045}
[2011/04/21 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{0C4CECA0-85AE-4807-AE82-14D0E1B0752E}
[2011/04/20 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{025CDCB2-862E-4494-A0D7-EAE48EF198DF}
[2011/04/19 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DECEE91F-8E23-4DF7-9BB0-95DDA7EFF163}
[2011/04/18 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E9A18667-DA9C-4BF2-A191-B7E8BF7A6FF7}
[2011/04/17 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/16 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9D87F24E-552E-420E-8986-DF8E3D1DD86F}
[2011/04/16 11:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/04/16 11:05:24 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/04/16 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/04/15 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DD86BE3C-1EEB-4970-ACC1-EAE70DFD9B15}
[2011/04/12 15:36:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/15 13:10:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:02:05 | 000,001,940 | ---- | M] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 13:01:28 | 001,280,208 | ---- | M] () -- C:\Users\pc\Desktop\tdsskiller.zip
[2011/05/15 13:01:03 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 13:01:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 13:00:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:55:59 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/15 12:55:58 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/15 12:55:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 12:55:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 12:55:03 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\XDSA.job
[2011/05/15 12:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 12:54:42 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 12:52:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/15 09:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/05/14 23:21:33 | 000,001,989 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 23:21:32 | 000,002,027 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/05/14 19:15:11 | 000,001,057 | ---- | M] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/05/14 19:12:34 | 000,026,624 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 17:21:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pc\Desktop\TDSSKiller.exe
[2011/05/11 18:00:09 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/21 21:12:12 | 000,000,800 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/04/17 13:44:06 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:42 | 020,533,281 | ---- | M] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | M] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk

========== Files Created - No Company Name ==========

[2011/05/15 13:01:22 | 001,280,208 | ---- | C] () -- C:\Users\pc\Desktop\tdsskiller.zip
[2011/05/13 19:26:52 | 000,001,940 | ---- | C] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 18:00:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 13:44:05 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:17 | 020,533,281 | ---- | C] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | C] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | C] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk
[2011/04/12 15:36:17 | 000,087,608 | ---- | C] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,007,887 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/12 13:54:07 | 000,001,057 | ---- | C] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 00:09:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/18 23:42:57 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/02/13 16:48:32 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2011/02/13 16:48:32 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/13 16:48:32 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/18 10:51:54 | 000,001,456 | ---- | C] () -- C:\Users\pc\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/26 14:12:15 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/26 14:12:14 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/26 13:22:59 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010/09/21 20:33:57 | 000,026,624 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 14:56:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/18 14:55:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/27 21:51:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,600,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/30 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon
[2011/05/10 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DMCache
[2011/05/14 13:24:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IDM
[2010/08/27 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenOffice.org
[2010/10/27 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2011/05/14 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/05/14 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Vso
[2011/02/18 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WinAVI
[2011/05/15 12:53:42 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/15 12:55:03 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\XDSA.job

========== Purity Check ==========



< End of report >

And the extras log:



OTL Extras logfile created on: 15/05/2011 1:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 293.26 Gb Free Space | 62.96% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A223176-3D9A-4D34-94FE-FEF302E4BA00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30AD2CB2-E645-40B4-A3EC-3B6DEBEE6190}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{5E933B62-C721-40B0-A644-9B5E26DE5346}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{AFC42317-28F7-47C0-9527-18DD6B8FDA52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E060BCFC-B24E-443C-8CB1-AB66AFC6EF67}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FBA8216E-B2A3-403F-927A-E48A120D9CE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA002B-AE1E-433D-9228-AA5BBDF9A914}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{12943CB0-3FB1-4201-A11D-CD7C29E5BB91}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1EF0BBBE-1ED8-4934-8917-956C4AC75AF0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2A97802E-9965-47AE-BB34-F9B50E988C8B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{2DF0D8C3-2B80-4F63-A23F-6B123E4AB650}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{34D13003-9AC6-4463-A44C-9F43967BA051}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{58ADDFD1-04A5-4B59-A34F-06ABE0A51C93}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6115DECB-234E-448B-90F5-4FD6BC6AD1E8}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{68E82654-CBB1-4B1D-90EF-BC4777B05E08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C810A29F-FC67-4320-B6DF-B8605AF3BAA9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{F84DBAE8-18DA-4A8A-A503-6AD5A297FDC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"N360" = Norton 360
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/04/2011 8:33:46 PM | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Faulting application BF2.exe, version 0.0.0.0, time stamp 0x4290facc,
faulting module ~df394b.tmp, version 0.0.0.0, time stamp 0x41348c3d, exception
code 0xc0000005, fault offset 0x000c486b, process id 0xe3c, application start time
0x01cbfc96f2443f60.

Error - 17/04/2011 5:05:00 AM | Computer Name = pc-PC | Source = Windows Backup | ID = 4104
Description =

Error - 22/04/2011 7:38:18 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2011 5:00:02 AM | Computer Name = pc-PC | Source = Windows Backup | ID = 4104
Description =

Error - 27/04/2011 1:18:47 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/05/2011 3:03:54 AM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/05/2011 5:01:27 AM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 4:22:25 AM | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 4.1.16.360, time stamp
0x4da5ca06, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0x0eedfade, fault offset 0x0003fbae, process id 0x9e8, application
start time 0x01cc107dadaf5847.

Error - 14/05/2011 5:14:09 AM | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 15.4.3508.1109 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ec8 Start Time: 01cc0ef0be32a5c7 Termination Time: 723

Error - 14/05/2011 10:56:23 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30/12/2010 6:53:20 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 30/12/2010 6:54:56 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/12/2010 7:09:42 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 31/12/2010 1:50:20 AM | Computer Name = pc-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =

Error - 31/12/2010 7:28:01 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 31/12/2010 7:29:26 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/01/2011 7:24:17 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 1/01/2011 7:25:55 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/01/2011 5:44:27 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/01/2011 5:44:57 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Thanks in advance


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Exactly how long have you been having this problem? What were the TDSSKiller results (could you post the log, please)?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Delete your current OTL by running it and clicking cleanup

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
MoparMan


    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy and thanks for the response
Have had this problem for easily a month and just resorted to cut and pasting the results from Google search in desperation
Don't think I saved the TDSSKiller logs as it came back clear from memory....sorry
Here's today's OTL logs:


OTL logfile created on: 15/05/2011 10:19:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 293.19 Gb Free Space | 62.95% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/18 10:24:08 | 001,733,120 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/27 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 16:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
MOD - [2011/04/21 03:00:24 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/21 03:00:24 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/21 05:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/31 14:00:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 14:00:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/27 11:11:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 10:55:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 17:34:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/06 14:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 13:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 12:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 12:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/11 20:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/27 17:45:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/15 13:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 1D 22 DC 7F F6 CB 01 [binary data]
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/28 18:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 10:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 08:52:36 | 000,000,000 | ---D | M]

[2011/02/20 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Extensions
[2011/05/15 09:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions
[2011/02/21 18:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 11:22:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/19 11:19:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 11:21:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/02/20 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 10:55:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/08/28 18:45:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/15 12:52:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell - "" = AutoRun
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 22:18:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\GooredFix Backups
[2011/05/15 13:00:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B74B227-BABC-4B1E-927E-EE17FF5B3206}
[2011/05/14 07:02:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EE23E3DF-A4AE-441C-A14D-956B5A298FB5}
[2011/05/13 19:01:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9A2E7B46-DC60-44D4-A84B-E0CB6C949F38}
[2011/05/13 07:01:14 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6237C9CB-F2ED-4D7A-9A9F-D59F7B8549BA}
[2011/05/12 07:03:34 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{2A38AFB8-DC2B-4FE7-BB22-A0C25DF0F114}
[2011/05/11 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{94603D46-1D4C-4CD4-B485-D52C665E71A2}
[2011/05/11 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 17:55:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/11 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9B7BC8F1-6D47-4A47-A272-FCFA1D074491}
[2011/05/10 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FC394DD6-3E54-4E53-AE12-03B56501BC13}
[2011/05/04 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{996E0334-AC8F-40F3-A14E-09B01B393862}
[2011/05/04 05:22:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6252B7F2-5434-4FD5-AD60-103B9D1FCDF3}
[2011/05/03 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8692AC28-A3CE-4647-A922-0877694B35A7}
[2011/05/03 05:21:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6EC451ED-80BA-4F58-B0F2-5F41F8810E17}
[2011/05/02 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{834997CA-BB34-4D60-90F6-5478F5E14C95}
[2011/05/02 05:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{23AE77A7-887B-4F1D-A0E3-62DD7EB547EC}
[2011/05/01 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FA0FA6DF-E73F-48BC-9BD3-5D5AB78755D9}
[2011/05/01 05:18:44 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FCB6F5EF-44BE-4DCB-8EF7-55F8FD3186B7}
[2011/04/30 23:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/04/30 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Canon
[2011/04/30 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira
[2011/04/30 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AA3910BA-085E-4BB4-90BC-7F745F3D5C7F}
[2011/04/30 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/30 11:53:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/30 11:52:59 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/30 11:52:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/30 05:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BD326615-C618-4958-ADA5-7C8091C9E098}
[2011/04/29 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{336B9840-981B-48F6-B32F-4893C17E55C6}
[2011/04/29 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{4CBA3D66-8E05-4322-9C2F-DE2354C3E2D5}
[2011/04/28 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6DEEA9D1-362B-408B-BBC8-ED128AB7912E}
[2011/04/27 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{264A6C8B-5067-4EB1-BD30-5F4931055EAC}
[2011/04/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EB2AA585-D3E3-4EE6-BE97-4413F1600E17}
[2011/04/25 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{594AD3DA-C440-4F17-9A68-19090DD6C272}
[2011/04/25 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8A30DCB5-0A2E-4DDD-BD0A-72E23A429BA9}
[2011/04/24 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AD1C6D00-5D3C-4470-97E3-F3FB6406BBA2}
[2011/04/23 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C20A84AE-B1C6-4AC2-80AC-0F63C46112FF}
[2011/04/23 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9EC803BE-BBA0-48ED-BFBE-19F7ADD4A393}
[2011/04/21 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{764DA173-C74B-47FC-AE3C-12B1C2A55045}
[2011/04/21 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{0C4CECA0-85AE-4807-AE82-14D0E1B0752E}
[2011/04/20 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{025CDCB2-862E-4494-A0D7-EAE48EF198DF}
[2011/04/19 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DECEE91F-8E23-4DF7-9BB0-95DDA7EFF163}
[2011/04/18 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E9A18667-DA9C-4BF2-A191-B7E8BF7A6FF7}
[2011/04/17 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/16 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9D87F24E-552E-420E-8986-DF8E3D1DD86F}
[2011/04/16 11:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/04/16 11:05:24 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/04/16 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/04/12 15:36:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/15 22:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 22:16:34 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/15 22:16:33 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/15 22:16:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 22:16:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 22:16:03 | 003,600,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/15 22:15:55 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\XDSA.job
[2011/05/15 22:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 22:15:39 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 22:13:18 | 000,000,512 | ---- | M] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/15 17:21:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/05/15 13:02:05 | 000,001,940 | ---- | M] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 13:01:03 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 13:01:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 13:00:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:52:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/14 23:21:33 | 000,001,989 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 23:21:32 | 000,002,027 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/05/14 19:15:11 | 000,001,057 | ---- | M] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/05/14 19:12:34 | 000,026,624 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 18:00:09 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/21 21:12:12 | 000,000,800 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/04/17 13:44:06 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:42 | 020,533,281 | ---- | M] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | M] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk

========== Files Created - No Company Name ==========

[2011/05/15 22:13:18 | 000,000,512 | ---- | C] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/13 19:26:52 | 000,001,940 | ---- | C] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 18:00:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 13:44:05 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:17 | 020,533,281 | ---- | C] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | C] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | C] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk
[2011/04/12 15:36:17 | 000,087,608 | ---- | C] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,007,887 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/12 13:54:07 | 000,001,057 | ---- | C] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 00:09:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/18 23:42:57 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/02/13 16:48:32 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2011/02/13 16:48:32 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/13 16:48:32 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/18 10:51:54 | 000,001,456 | ---- | C] () -- C:\Users\pc\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/26 14:12:15 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/26 14:12:14 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/26 13:22:59 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010/09/21 20:33:57 | 000,026,624 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 14:56:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/18 14:55:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/27 21:51:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,600,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/30 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon
[2011/05/10 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DMCache
[2011/05/14 13:24:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IDM
[2010/08/27 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenOffice.org
[2010/10/27 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2011/05/14 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/05/14 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Vso
[2011/02/18 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WinAVI
[2011/05/15 22:14:46 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/15 22:15:55 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\XDSA.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: VOLSNAP.INF >

< MD5 for: VOLSNAP.INF_LOC >

< MD5 for: VOLSNAP.PNF >

< MD5 for: VOLSNAP.SYS >

< MD5 for: VOLSNAP.SYS.MUI >

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old.000\Windows\System32\winlogon.exe
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/15 08:52:36 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/15 08:52:36 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/15 08:52:36 | 000,552,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/15 08:52:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/15 08:52:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/15 08:52:35 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/07 21:57:16 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/02/22 14:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/02/22 14:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/02/22 14:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/22 16:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/22 16:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation)

< End of report >


And the extra:


OTL Extras logfile created on: 15/05/2011 10:19:42 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 293.19 Gb Free Space | 62.95% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A223176-3D9A-4D34-94FE-FEF302E4BA00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30AD2CB2-E645-40B4-A3EC-3B6DEBEE6190}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{5E933B62-C721-40B0-A644-9B5E26DE5346}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{AFC42317-28F7-47C0-9527-18DD6B8FDA52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E060BCFC-B24E-443C-8CB1-AB66AFC6EF67}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FBA8216E-B2A3-403F-927A-E48A120D9CE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA002B-AE1E-433D-9228-AA5BBDF9A914}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{12943CB0-3FB1-4201-A11D-CD7C29E5BB91}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1EF0BBBE-1ED8-4934-8917-956C4AC75AF0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2A97802E-9965-47AE-BB34-F9B50E988C8B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{2DF0D8C3-2B80-4F63-A23F-6B123E4AB650}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{34D13003-9AC6-4463-A44C-9F43967BA051}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{58ADDFD1-04A5-4B59-A34F-06ABE0A51C93}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6115DECB-234E-448B-90F5-4FD6BC6AD1E8}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe |
"{68E82654-CBB1-4B1D-90EF-BC4777B05E08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C810A29F-FC67-4320-B6DF-B8605AF3BAA9}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{F84DBAE8-18DA-4A8A-A503-6AD5A297FDC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"N360" = Norton 360
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Winrar 3.93" = Winrar 3.93
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/04/2011 5:05:00 AM | Computer Name = pc-PC | Source = Windows Backup | ID = 4104
Description =

Error - 22/04/2011 7:38:18 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2011 5:00:02 AM | Computer Name = pc-PC | Source = Windows Backup | ID = 4104
Description =

Error - 27/04/2011 1:18:47 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/05/2011 3:03:54 AM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/05/2011 5:01:27 AM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 4:22:25 AM | Computer Name = pc-PC | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 4.1.16.360, time stamp
0x4da5ca06, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0x0eedfade, fault offset 0x0003fbae, process id 0x9e8, application
start time 0x01cc107dadaf5847.

Error - 14/05/2011 5:14:09 AM | Computer Name = pc-PC | Source = Application Hang | ID = 1002
Description = The program msnmsgr.exe version 15.4.3508.1109 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ec8 Start Time: 01cc0ef0be32a5c7 Termination Time: 723

Error - 14/05/2011 10:56:23 PM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/05/2011 8:17:23 AM | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30/12/2010 7:09:42 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 31/12/2010 1:50:20 AM | Computer Name = pc-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =

Error - 31/12/2010 7:28:01 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 31/12/2010 7:29:26 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/01/2011 7:24:17 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 1/01/2011 7:25:55 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/01/2011 5:44:27 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/01/2011 5:44:57 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/01/2011 7:11:42 PM | Computer Name = pc-PC | Source = HTTP | ID = 15016
Description =

Error - 2/01/2011 7:13:20 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Hope this helps

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have the aswMBR log as well, please? As the infection happened a while ago, could you re-run OTL, please, but on the file age drop-down select 60 days and then press Run Scan.

#5
MoparMan

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy

aswMBR log:


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-15 22:08:47
-----------------------------
22:08:47.410 OS Version: Windows 6.0.6002 Service Pack 2
22:08:47.410 Number of processors: 2 586 0xF0B
22:08:47.411 ComputerName: PC-PC UserName: pc
22:08:49.767 Initialize success
22:12:25.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:12:25.140 Disk 0 Vendor: WDC_WD5000AVDS-63U7B0 01.00A01 Size: 476940MB BusType: 3
22:12:27.148 Disk 0 MBR read successfully
22:12:27.151 Disk 0 MBR scan
22:12:27.153 Disk 0 unknown MBR code
22:12:29.157 Disk 0 scanning sectors +976771072
22:12:29.241 Disk 0 scanning C:\Windows\system32\drivers
22:12:34.964 Service scanning
22:12:36.416 Disk 0 trace - called modules:
22:12:36.488 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
22:12:36.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8576eac8]
22:12:36.495 3 CLASSPNP.SYS[8a5a68b3] -> nt!IofCallDriver -> [0x8478e898]
22:12:36.500 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8512fb98]
22:12:36.504 Scan finished successfully
22:13:18.495 Disk 0 MBR has been saved successfully to "C:\Users\pc\Desktop\MBR.dat"
22:13:18.500 The log file has been saved successfully to "C:\Users\pc\Desktop\aswMBR log 15-5.txt"

OTL log scanned for 30 days again as OTL won't let me scan for 60/90 days...is there a way around this?

OTL logfile created on: 16/05/2011 6:36:32 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 293.04 Gb Free Space | 62.92% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/18 10:24:08 | 001,733,120 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/27 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 16:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
MOD - [2011/04/21 03:00:24 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/21 03:00:24 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/21 05:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/31 14:00:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 14:00:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/27 11:11:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 10:55:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 17:34:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/06 14:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 13:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 12:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 12:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/11 20:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/27 17:45:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/15 13:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 1D 22 DC 7F F6 CB 01 [binary data]
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 E8 D0 41 FA F0 CB 01 [binary data]
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/28 18:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 10:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 08:52:36 | 000,000,000 | ---D | M]

[2011/02/20 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Extensions
[2011/05/15 09:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions
[2011/02/21 18:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 11:22:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/19 11:19:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 11:21:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/02/20 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 10:55:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/08/28 18:45:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/15 12:52:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001..\RunOnce: [Application Restart #0] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell - "" = AutoRun
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 12:58:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F1AEFC6D-4BE3-4CD0-AE2A-8CF38726C825}
[2011/05/16 00:58:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E4624878-F456-4CB6-834A-B4DA5C293580}
[2011/05/15 22:18:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\GooredFix Backups
[2011/05/15 13:00:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B74B227-BABC-4B1E-927E-EE17FF5B3206}
[2011/05/14 07:02:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EE23E3DF-A4AE-441C-A14D-956B5A298FB5}
[2011/05/13 19:01:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9A2E7B46-DC60-44D4-A84B-E0CB6C949F38}
[2011/05/13 07:01:14 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6237C9CB-F2ED-4D7A-9A9F-D59F7B8549BA}
[2011/05/12 07:03:34 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{2A38AFB8-DC2B-4FE7-BB22-A0C25DF0F114}
[2011/05/11 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{94603D46-1D4C-4CD4-B485-D52C665E71A2}
[2011/05/11 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 17:55:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/11 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9B7BC8F1-6D47-4A47-A272-FCFA1D074491}
[2011/05/10 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FC394DD6-3E54-4E53-AE12-03B56501BC13}
[2011/05/04 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{996E0334-AC8F-40F3-A14E-09B01B393862}
[2011/05/04 05:22:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6252B7F2-5434-4FD5-AD60-103B9D1FCDF3}
[2011/05/03 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8692AC28-A3CE-4647-A922-0877694B35A7}
[2011/05/03 05:21:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6EC451ED-80BA-4F58-B0F2-5F41F8810E17}
[2011/05/02 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{834997CA-BB34-4D60-90F6-5478F5E14C95}
[2011/05/02 05:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{23AE77A7-887B-4F1D-A0E3-62DD7EB547EC}
[2011/05/01 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FA0FA6DF-E73F-48BC-9BD3-5D5AB78755D9}
[2011/05/01 05:18:44 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FCB6F5EF-44BE-4DCB-8EF7-55F8FD3186B7}
[2011/04/30 23:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/04/30 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Canon
[2011/04/30 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira
[2011/04/30 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AA3910BA-085E-4BB4-90BC-7F745F3D5C7F}
[2011/04/30 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/30 11:53:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/30 11:52:59 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/30 11:52:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/30 05:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BD326615-C618-4958-ADA5-7C8091C9E098}
[2011/04/29 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{336B9840-981B-48F6-B32F-4893C17E55C6}
[2011/04/29 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{4CBA3D66-8E05-4322-9C2F-DE2354C3E2D5}
[2011/04/28 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6DEEA9D1-362B-408B-BBC8-ED128AB7912E}
[2011/04/27 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{264A6C8B-5067-4EB1-BD30-5F4931055EAC}
[2011/04/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EB2AA585-D3E3-4EE6-BE97-4413F1600E17}
[2011/04/25 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{594AD3DA-C440-4F17-9A68-19090DD6C272}
[2011/04/25 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8A30DCB5-0A2E-4DDD-BD0A-72E23A429BA9}
[2011/04/24 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AD1C6D00-5D3C-4470-97E3-F3FB6406BBA2}
[2011/04/23 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C20A84AE-B1C6-4AC2-80AC-0F63C46112FF}
[2011/04/23 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9EC803BE-BBA0-48ED-BFBE-19F7ADD4A393}
[2011/04/21 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{764DA173-C74B-47FC-AE3C-12B1C2A55045}
[2011/04/21 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{0C4CECA0-85AE-4807-AE82-14D0E1B0752E}
[2011/04/20 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{025CDCB2-862E-4494-A0D7-EAE48EF198DF}
[2011/04/19 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DECEE91F-8E23-4DF7-9BB0-95DDA7EFF163}
[2011/04/18 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E9A18667-DA9C-4BF2-A191-B7E8BF7A6FF7}
[2011/04/17 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/16 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9D87F24E-552E-420E-8986-DF8E3D1DD86F}
[2011/04/12 15:36:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/16 18:20:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/05/16 18:15:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 18:15:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 17:57:05 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/16 17:57:05 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/16 17:21:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/05/15 22:22:18 | 000,001,940 | ---- | M] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 22:22:17 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 22:22:17 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 22:16:03 | 003,600,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/15 22:15:55 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\XDSA.job
[2011/05/15 22:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 22:15:39 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 22:13:18 | 000,000,512 | ---- | M] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/15 13:00:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:52:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/14 23:21:33 | 000,001,989 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 23:21:32 | 000,002,027 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/05/14 19:15:11 | 000,001,057 | ---- | M] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/05/14 19:12:34 | 000,026,624 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 18:00:09 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/21 21:12:12 | 000,000,800 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/04/17 13:44:06 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:42 | 020,533,281 | ---- | M] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe

========== Files Created - No Company Name ==========

[2011/05/15 22:13:18 | 000,000,512 | ---- | C] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/13 19:26:52 | 000,001,940 | ---- | C] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 18:00:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 13:44:05 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:17 | 020,533,281 | ---- | C] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/12 15:36:17 | 000,087,608 | ---- | C] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,007,887 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/12 13:54:07 | 000,001,057 | ---- | C] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 00:09:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/18 23:42:57 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/02/13 16:48:32 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2011/02/13 16:48:32 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/13 16:48:32 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/18 10:51:54 | 000,001,456 | ---- | C] () -- C:\Users\pc\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/26 14:12:15 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/26 14:12:14 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/26 13:22:59 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010/09/21 20:33:57 | 000,026,624 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 14:56:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/18 14:55:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/27 21:51:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,600,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/30 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon
[2011/05/10 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DMCache
[2011/05/14 13:24:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IDM
[2010/08/27 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenOffice.org
[2010/10/27 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2011/05/14 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/05/14 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Vso
[2011/02/18 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WinAVI
[2011/05/15 22:14:46 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/15 22:15:55 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\XDSA.job

========== Purity Check ==========



< End of report >




Thanks again mate...bear with me, I'm a noob at this

Edited by MoparMan, 16 May 2011 - 02:44 AM.


#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you press run scan or the quick scan? Quick scan will always default to 30 days :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/15 22:15:55 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\XDSA.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#7
MoparMan


    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy
I ran a 90 day scan before the run fix, did the run fix and tested out Google....still redirecting
Here's a 90 day "after run fix" scan...do you want the earlier ones too?


OTL logfile created on: 17/05/2011 6:28:06 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 292.58 Gb Free Space | 62.82% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/18 10:24:08 | 001,733,120 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/27 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 16:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 16:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
MOD - [2011/04/21 03:00:24 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/21 03:00:24 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/21 05:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/31 14:00:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 14:00:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/27 11:11:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 10:55:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 17:34:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/06 14:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 13:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 12:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 12:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/11 20:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/27 17:45:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/15 13:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 1D 22 DC 7F F6 CB 01 [binary data]
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/28 18:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 10:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 08:52:36 | 000,000,000 | ---D | M]

[2011/02/20 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Extensions
[2011/05/15 09:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions
[2011/02/21 18:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 11:22:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/19 11:19:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 11:21:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/02/20 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 10:55:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/08/28 18:45:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/17 18:21:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell - "" = AutoRun
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/05/17 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F519FC14-7F48-434E-A7B7-3114D2BA960E}
[2011/05/17 18:21:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 12:58:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F1AEFC6D-4BE3-4CD0-AE2A-8CF38726C825}
[2011/05/16 00:58:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E4624878-F456-4CB6-834A-B4DA5C293580}
[2011/05/15 22:18:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\GooredFix Backups
[2011/05/15 13:00:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B74B227-BABC-4B1E-927E-EE17FF5B3206}
[2011/05/14 07:02:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EE23E3DF-A4AE-441C-A14D-956B5A298FB5}
[2011/05/13 19:01:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9A2E7B46-DC60-44D4-A84B-E0CB6C949F38}
[2011/05/13 07:01:14 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6237C9CB-F2ED-4D7A-9A9F-D59F7B8549BA}
[2011/05/12 07:03:34 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{2A38AFB8-DC2B-4FE7-BB22-A0C25DF0F114}
[2011/05/11 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{94603D46-1D4C-4CD4-B485-D52C665E71A2}
[2011/05/11 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 17:55:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/11 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9B7BC8F1-6D47-4A47-A272-FCFA1D074491}
[2011/05/10 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FC394DD6-3E54-4E53-AE12-03B56501BC13}
[2011/05/04 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{996E0334-AC8F-40F3-A14E-09B01B393862}
[2011/05/04 05:22:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6252B7F2-5434-4FD5-AD60-103B9D1FCDF3}
[2011/05/03 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8692AC28-A3CE-4647-A922-0877694B35A7}
[2011/05/03 05:21:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6EC451ED-80BA-4F58-B0F2-5F41F8810E17}
[2011/05/02 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{834997CA-BB34-4D60-90F6-5478F5E14C95}
[2011/05/02 05:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{23AE77A7-887B-4F1D-A0E3-62DD7EB547EC}
[2011/05/01 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FA0FA6DF-E73F-48BC-9BD3-5D5AB78755D9}
[2011/05/01 05:18:44 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FCB6F5EF-44BE-4DCB-8EF7-55F8FD3186B7}
[2011/04/30 23:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/04/30 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Canon
[2011/04/30 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira
[2011/04/30 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AA3910BA-085E-4BB4-90BC-7F745F3D5C7F}
[2011/04/30 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/30 11:53:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/30 11:52:59 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/30 11:52:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/30 05:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BD326615-C618-4958-ADA5-7C8091C9E098}
[2011/04/29 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{336B9840-981B-48F6-B32F-4893C17E55C6}
[2011/04/29 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{4CBA3D66-8E05-4322-9C2F-DE2354C3E2D5}
[2011/04/28 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6DEEA9D1-362B-408B-BBC8-ED128AB7912E}
[2011/04/27 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{264A6C8B-5067-4EB1-BD30-5F4931055EAC}
[2011/04/27 15:21:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 15:21:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 15:21:39 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EB2AA585-D3E3-4EE6-BE97-4413F1600E17}
[2011/04/25 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{594AD3DA-C440-4F17-9A68-19090DD6C272}
[2011/04/25 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8A30DCB5-0A2E-4DDD-BD0A-72E23A429BA9}
[2011/04/24 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AD1C6D00-5D3C-4470-97E3-F3FB6406BBA2}
[2011/04/23 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C20A84AE-B1C6-4AC2-80AC-0F63C46112FF}
[2011/04/23 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9EC803BE-BBA0-48ED-BFBE-19F7ADD4A393}
[2011/04/21 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{764DA173-C74B-47FC-AE3C-12B1C2A55045}
[2011/04/21 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{0C4CECA0-85AE-4807-AE82-14D0E1B0752E}
[2011/04/20 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{025CDCB2-862E-4494-A0D7-EAE48EF198DF}
[2011/04/19 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DECEE91F-8E23-4DF7-9BB0-95DDA7EFF163}
[2011/04/18 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E9A18667-DA9C-4BF2-A191-B7E8BF7A6FF7}
[2011/04/17 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/16 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9D87F24E-552E-420E-8986-DF8E3D1DD86F}
[2011/04/16 11:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/04/16 11:05:24 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2011/04/16 11:05:24 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/04/16 11:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/04/15 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DD86BE3C-1EEB-4970-ACC1-EAE70DFD9B15}
[2011/04/14 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AE3C423B-F44A-492E-B5EC-0C16E176B46A}
[2011/04/14 20:36:29 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/14 20:36:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 20:36:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/14 20:36:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/14 20:36:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/14 20:36:23 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/14 20:36:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/14 20:36:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/14 20:36:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/14 20:36:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/14 20:36:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/14 20:36:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/14 20:36:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/14 20:36:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/14 20:36:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/14 20:36:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/14 20:36:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/14 20:36:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/14 20:36:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/14 20:36:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/14 20:36:16 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/14 20:36:13 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 20:36:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 20:36:07 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/14 20:36:07 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/14 10:33:16 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DB0A6EFC-34A3-49DF-846C-F34CB12B02BF}
[2011/04/13 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FB9969EB-B8CB-4EB7-9387-BACDF0E371D9}
[2011/04/13 10:32:09 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{5C960557-6D59-4A73-BBA2-6D6F2C1A21B1}
[2011/04/12 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{84D0ECEA-696F-4BFA-A224-A1DA17E678E4}
[2011/04/12 15:36:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys
[2011/04/12 15:36:17 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\PcSetup
[2011/04/12 14:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/04/12 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\ConvertXToDVD
[2011/04/12 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Vso
[2011/04/12 13:53:22 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2011/04/12 13:53:22 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2011/04/12 13:53:22 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2011/04/12 13:53:22 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2011/04/12 13:53:22 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2011/04/12 13:53:22 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2011/04/12 10:31:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BEEB50EB-7EF0-44D5-B149-8888D245F77C}
[2011/04/11 22:30:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{5DEBF394-E8F7-4CA8-8040-2A6105B29C2B}
[2011/04/10 20:07:20 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8B582A1E-EBE0-4B52-99A2-337316F71F3E}
[2011/04/09 22:07:17 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{92E445D7-4EF3-4467-B6AA-70712250F682}
[2011/04/09 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{412470CF-993A-4920-A28A-4E3D4555A65A}
[2011/04/08 21:26:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{76C0B128-64E2-4A47-954E-BA0195495269}
[2011/04/07 18:18:26 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DDDC2186-A174-450C-B0A2-26ACA5AB793D}
[2011/04/07 06:18:05 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{92CA3D49-D730-432C-AC3A-8EC1790CAB1C}
[2011/04/06 18:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C51B6593-4EB1-42FE-A424-3879046FA13E}
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/04/05 21:10:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EFCDA2D8-FFAE-4359-B460-86054A278634}
[2011/04/04 22:46:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{D3D1F24A-F1E6-4C31-AF69-03921D2E85B1}
[2011/04/03 21:56:17 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6F8B6479-A832-46C8-86F0-6224B434F358}
[2011/04/02 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B1418DB-C746-4407-9AFA-6E4057880BD3}
[2011/04/02 02:28:05 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E574EDAA-8FDA-488E-9555-8B31D3C82CCD}
[2011/03/31 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F409BBCA-ED9F-4E91-B767-76543D854081}
[2011/03/31 07:49:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{646ACBC7-3849-4683-992E-1A5D159C7D97}
[2011/03/23 09:47:15 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 09:47:14 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/21 13:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/03/21 13:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/03/21 13:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series Manual
[2011/03/21 13:51:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/03/21 13:51:20 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/03/21 13:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series
[2011/03/21 13:51:15 | 001,310,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC270C.dll
[2011/03/21 13:51:15 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC270L.dll
[2011/03/21 13:51:15 | 000,110,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC270I.dll
[2011/03/21 13:51:15 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC270U.dll
[2011/03/21 13:51:15 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2011/03/21 13:50:56 | 000,272,384 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9X.DLL
[2011/03/21 13:50:49 | 000,090,112 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC270O.dll
[2011/03/21 13:50:38 | 000,178,176 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIU9X.DLL
[2011/03/21 13:50:30 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/03/21 13:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/03/20 22:17:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Media Player Classic
[2011/03/20 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/20 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Google
[2011/03/09 19:23:15 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 19:23:15 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 19:23:15 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 19:23:15 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/02/24 22:35:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 22:33:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 22:33:31 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 22:33:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 22:33:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 22:33:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 22:33:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 22:33:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 22:33:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 22:33:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 22:33:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 22:33:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 22:33:26 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 22:33:26 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 22:33:26 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 22:33:26 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 22:33:26 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/23 22:31:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/02/23 22:31:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Apps
[2011/02/20 22:33:12 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Mozilla
[2011/02/20 22:33:12 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Mozilla
[2011/02/20 22:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/20 22:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/20 21:23:45 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes
[2011/02/20 21:23:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/20 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/20 21:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/20 21:23:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/20 21:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/20 01:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/02/20 01:08:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Windows Live
[2011/02/20 01:07:57 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/02/20 01:07:18 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/02/20 01:07:18 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/02/20 01:07:17 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/02/20 01:06:58 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/02/20 01:06:57 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/02/20 01:06:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/02/20 01:06:57 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/02/20 01:06:57 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/02/20 01:06:56 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/02/20 01:06:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/02/20 01:06:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/02/20 01:06:38 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/02/20 01:06:36 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/02/20 01:06:36 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/02/20 01:06:36 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/02/20 01:06:36 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/02/20 01:06:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/02/20 01:06:36 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/02/20 01:06:36 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/02/20 01:06:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/02/20 01:06:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/02/20 01:05:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/02/20 01:05:57 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/02/19 17:43:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/19 17:43:51 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/19 17:43:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/19 17:43:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/19 17:43:51 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/19 17:43:51 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/19 17:43:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/19 17:43:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/19 17:43:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/19 17:43:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/19 17:43:50 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/19 17:43:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/19 17:43:49 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/19 17:43:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/19 17:43:49 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/19 17:43:49 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/19 17:43:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/19 17:43:46 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/19 17:43:46 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/19 17:43:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/19 17:43:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/19 17:42:43 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/02/19 13:07:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/02/19 13:07:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/19 13:07:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/19 13:07:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/19 12:36:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/02/19 12:36:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/02/19 12:36:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/02/18 23:42:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\WinAVI
[2011/02/18 23:42:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\WinAVI
[2011/02/18 23:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\temp
[2011/02/18 22:39:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\AVS4YOU
[2011/02/18 22:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/02/18 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/02/18 22:38:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2011/02/18 22:38:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2011/02/18 22:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/02/18 22:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/02/18 19:18:37 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Movies
[2011/02/18 19:14:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\IdealSoftware
[2011/02/18 19:14:35 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\IdealDVD2AVI
[2011/02/16 19:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/16 19:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 90 Days ==========

[2011/05/17 18:29:16 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/17 18:29:16 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/17 18:28:42 | 000,001,940 | ---- | M] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 18:23:42 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/17 18:23:35 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/17 18:22:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 18:22:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 18:22:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 18:22:49 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 18:21:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/17 18:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/05/17 17:21:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 22:16:03 | 003,600,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/15 22:13:18 | 000,000,512 | ---- | M] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/15 13:00:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/14 23:21:33 | 000,001,989 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 23:21:32 | 000,002,027 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/05/14 19:15:11 | 000,001,057 | ---- | M] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/05/14 19:12:34 | 000,026,624 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 18:00:09 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/21 21:12:12 | 000,000,800 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/04/17 13:44:06 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:42 | 020,533,281 | ---- | M] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | M] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk
[2011/04/14 22:12:29 | 000,000,000 | ---- | M] () -- C:\Users\pc\ipconfig
[2011/04/12 15:36:17 | 000,087,608 | ---- | M] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys
[2011/04/12 15:36:17 | 000,007,887 | ---- | M] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | M] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/04/02 18:02:29 | 000,000,680 | ---- | M] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2011/04/02 18:02:16 | 020,586,196 | ---- | M] () -- C:\Users\pc\Documents\vlc-1.1.8-win32.exe
[2011/04/02 15:49:41 | 000,000,632 | RHS- | M] () -- C:\Users\pc\ntuser.pol
[2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/03/21 13:53:26 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/03/21 13:53:16 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/03/21 13:52:40 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/03/21 13:52:18 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/03/21 13:52:00 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP270 series On-screen Manual.lnk
[2011/03/13 07:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/11 03:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/11 03:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/10 23:22:17 | 000,000,000 | -H-- | M] () -- C:\Users\pc\Documents\Default.rdp
[2011/03/04 01:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/03 23:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/03/03 23:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/26 10:02:25 | 003,517,054 | ---- | M] () -- C:\Users\pc\Desktop\codeofpracticelightvehiclesreductions.pdf
[2011/02/23 22:31:32 | 000,002,302 | ---- | M] () -- C:\Users\pc\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/02/23 00:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/22 23:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/22 16:18:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/22 16:17:37 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/22 16:17:37 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/22 16:17:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/22 16:16:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/22 16:16:53 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/22 16:16:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/22 16:16:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/22 16:16:40 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/22 16:16:39 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/22 16:16:39 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/22 16:16:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/22 15:20:39 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/22 14:43:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/22 14:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/22 14:43:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/22 14:42:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/20 22:33:07 | 000,001,748 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/20 22:33:07 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/20 21:23:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/20 01:25:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/02/20 01:25:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/19 00:09:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/02/18 23:42:57 | 000,090,112 | RHS- | M] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/17 16:23:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/17 16:19:43 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/17 02:16:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/17 00:02:23 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/16 19:24:15 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2011/05/15 22:13:18 | 000,000,512 | ---- | C] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/13 19:26:52 | 000,001,940 | ---- | C] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 18:00:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/17 13:44:05 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/17 13:42:17 | 020,533,281 | ---- | C] () -- C:\Users\pc\Documents\vlc-1.1.9-win32.exe
[2011/04/16 11:05:29 | 000,001,009 | ---- | C] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/04/16 11:05:28 | 000,001,017 | ---- | C] () -- C:\Users\pc\Desktop\ConvertXtoDVD 4.lnk
[2011/04/14 22:12:29 | 000,000,000 | ---- | C] () -- C:\Users\pc\ipconfig
[2011/04/12 15:36:17 | 000,087,608 | ---- | C] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,007,887 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/12 13:54:07 | 000,001,057 | ---- | C] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/04/02 18:01:53 | 020,586,196 | ---- | C] () -- C:\Users\pc\Documents\vlc-1.1.8-win32.exe
[2011/04/02 15:49:08 | 000,000,632 | RHS- | C] () -- C:\Users\pc\ntuser.pol
[2011/03/21 13:53:25 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2011/03/21 13:53:14 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/03/21 13:52:39 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/03/21 13:52:18 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2011/03/21 13:52:00 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP270 series On-screen Manual.lnk
[2011/03/21 13:51:16 | 000,012,544 | ---- | C] () -- C:\Windows\System32\CNC173BD.TBL
[2011/03/20 12:11:42 | 000,001,989 | ---- | C] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/20 12:11:41 | 000,002,027 | ---- | C] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/03/20 12:11:14 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/03/20 12:11:13 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/03/10 23:22:17 | 000,000,000 | -H-- | C] () -- C:\Users\pc\Documents\Default.rdp
[2011/02/26 10:02:25 | 003,517,054 | ---- | C] () -- C:\Users\pc\Desktop\codeofpracticelightvehiclesreductions.pdf
[2011/02/24 22:33:27 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 22:33:27 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 22:33:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/23 22:31:32 | 000,002,302 | ---- | C] () -- C:\Users\pc\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/02/20 22:33:07 | 000,001,748 | ---- | C] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/20 22:33:07 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/20 21:23:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/20 01:25:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/02/20 01:25:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/20 01:23:21 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/02/20 01:22:57 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/02/19 00:09:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/18 23:42:57 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/16 19:24:13 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/02/13 16:48:32 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2011/02/13 16:48:32 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/13 16:48:32 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/18 10:51:54 | 000,001,456 | ---- | C] () -- C:\Users\pc\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/26 14:12:15 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/26 14:12:14 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/26 13:22:59 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010/09/21 20:33:57 | 000,026,624 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 14:56:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/18 14:55:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/27 21:51:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,600,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Thanks for the ongoing support

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope this be the one I wanted - could you try for redirects after OTL reboots please. I may need to use a stronger tool but let's see

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/18 23:42:57 | 000,090,112 | RHS- | M] () -- C:\Windows\System32\WpdConns8.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
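
An added example, not part of the original posts and not OTL's own logic: a Python parser for the file-listing lines of the log above, with a triage rule for picking out entries like the one named in the `:OTL` section of the fix. The rule (empty company name, binary extension, under System32, Hidden and System attributes both set) is an assumption of this example, not the helper's stated reasoning; the sample lines are copied from the log on this page.

```python
import ntpath
import re
from typing import Dict, NamedTuple, Optional

# One OTL file-listing line:
# [date time | size | attrs | C or M] (Company) -- path
# Directory lines carry no "(Company)" group at all.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

BINARY_EXTS = {".dll", ".exe", ".sys"}

# Lines copied from the log on this page.
SAMPLE = r"""
[2011/02/18 23:42:57 | 000,090,112 | RHS- | M] () -- C:\Windows\System32\WpdConns8.dll
[2011/02/20 01:06:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/05/17 18:22:49 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 15:49:41 | 000,000,632 | RHS- | M] () -- C:\Users\pc\ntuser.pol
[2011/02/20 21:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
"""


class Entry(NamedTuple):
    stamp: str
    size: int
    attrs: str               # four flags, e.g. "RHS-" or "---D"
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # "" for "()", None when the group is absent
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(entry: Entry, system_root: str = r"C:\Windows") -> Optional[str]:
    """Assumed heuristic: binaries under System32 with no company name.

    Returns "high" when Hidden and System are both set, "review" when
    neither hides the file, and None for everything else.
    """
    sys32 = ntpath.join(system_root, "System32").lower() + "\\"
    if "D" in entry.attrs:          # directories are out of scope
        return None
    if entry.company:               # a company name is present
        return None
    if not entry.path.lower().startswith(sys32):
        return None
    if ntpath.splitext(entry.path)[1].lower() not in BINARY_EXTS:
        return None
    return "high" if {"H", "S"} <= set(entry.attrs) else "review"


def scan(text: str) -> Dict[str, str]:
    """Map each flagged path in a block of log text to its triage level."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        level = triage(entry)
        if level:
            findings[entry.path] = level
    return findings


if __name__ == "__main__":
    for path, level in scan(SAMPLE).items():
        print(f"{level:6} {path}")
```

A "review" hit is only a prompt to check the file's origin: a missing company name alone is common for legitimate third-party codecs and data files.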

#9
MoparMan

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Essexboy

Did as you requested... checked Google after the reboot and it seems to be running fine, for that I am eternally grateful :)
Here is the log

OTL:


OTL logfile created on: 18/05/2011 9:25:56 PM - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 291.86 Gb Free Space | 62.66% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/18 10:24:08 | 001,733,120 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/27 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 16:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 22:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
MOD - [2011/04/21 03:00:24 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/21 03:00:24 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/21 05:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/26 10:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/16 06:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/31 14:00:53 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 14:00:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110429.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/27 11:11:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 10:55:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 17:34:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/06 14:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 13:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 12:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 12:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/11 20:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/11/27 17:45:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/10/15 13:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 1D 22 DC 7F F6 CB 01 [binary data]
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ninemsn.com.au/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/28 18:45:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 10:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 08:52:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 08:52:36 | 000,000,000 | ---D | M]

[2011/02/20 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Extensions
[2011/05/15 09:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions
[2011/02/21 18:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 11:22:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/19 11:19:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 11:21:11 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\qmy5mwfk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/02/20 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 10:55:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/08/28 18:45:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/18 21:20:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1759715684-315256926-4125069295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell - "" = AutoRun
O33 - MountPoints2\{ba836a32-317a-11e0-847a-406186f3e578}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f051af-e0a5-11df-b946-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{73CF88A4-F937-43BE-AEC7-66D097A9798D}
[2011/05/18 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{09B3C779-F5B2-43FB-8957-AB5389628848}
[2011/05/18 06:25:23 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{88950BD5-2C4D-448B-93BF-AE597371C86A}
[2011/05/18 06:25:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{38792993-34B2-48F8-9C5C-AB9671224A37}
[2011/05/17 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F519FC14-7F48-434E-A7B7-3114D2BA960E}
[2011/05/17 18:21:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 12:58:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{F1AEFC6D-4BE3-4CD0-AE2A-8CF38726C825}
[2011/05/16 00:58:24 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E4624878-F456-4CB6-834A-B4DA5C293580}
[2011/05/15 22:18:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\GooredFix Backups
[2011/05/15 13:00:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/15 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{1B74B227-BABC-4B1E-927E-EE17FF5B3206}
[2011/05/14 07:02:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EE23E3DF-A4AE-441C-A14D-956B5A298FB5}
[2011/05/13 19:01:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9A2E7B46-DC60-44D4-A84B-E0CB6C949F38}
[2011/05/13 07:01:14 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6237C9CB-F2ED-4D7A-9A9F-D59F7B8549BA}
[2011/05/12 07:03:34 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{2A38AFB8-DC2B-4FE7-BB22-A0C25DF0F114}
[2011/05/11 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{94603D46-1D4C-4CD4-B485-D52C665E71A2}
[2011/05/11 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 17:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 17:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 17:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 17:55:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/11 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9B7BC8F1-6D47-4A47-A272-FCFA1D074491}
[2011/05/10 19:01:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FC394DD6-3E54-4E53-AE12-03B56501BC13}
[2011/05/04 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{996E0334-AC8F-40F3-A14E-09B01B393862}
[2011/05/04 05:22:21 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6252B7F2-5434-4FD5-AD60-103B9D1FCDF3}
[2011/05/03 17:21:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8692AC28-A3CE-4647-A922-0877694B35A7}
[2011/05/03 05:21:01 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6EC451ED-80BA-4F58-B0F2-5F41F8810E17}
[2011/05/02 17:20:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{834997CA-BB34-4D60-90F6-5478F5E14C95}
[2011/05/02 05:19:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{23AE77A7-887B-4F1D-A0E3-62DD7EB547EC}
[2011/05/01 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FA0FA6DF-E73F-48BC-9BD3-5D5AB78755D9}
[2011/05/01 05:18:44 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{FCB6F5EF-44BE-4DCB-8EF7-55F8FD3186B7}
[2011/04/30 23:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/04/30 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Canon
[2011/04/30 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira
[2011/04/30 17:18:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AA3910BA-085E-4BB4-90BC-7F745F3D5C7F}
[2011/04/30 11:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/30 11:53:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/30 11:52:59 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/30 11:52:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/30 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/30 05:17:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{BD326615-C618-4958-ADA5-7C8091C9E098}
[2011/04/29 17:17:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{336B9840-981B-48F6-B32F-4893C17E55C6}
[2011/04/29 05:16:30 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{4CBA3D66-8E05-4322-9C2F-DE2354C3E2D5}
[2011/04/28 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{6DEEA9D1-362B-408B-BBC8-ED128AB7912E}
[2011/04/27 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{264A6C8B-5067-4EB1-BD30-5F4931055EAC}
[2011/04/26 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{EB2AA585-D3E3-4EE6-BE97-4413F1600E17}
[2011/04/25 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{594AD3DA-C440-4F17-9A68-19090DD6C272}
[2011/04/25 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{8A30DCB5-0A2E-4DDD-BD0A-72E23A429BA9}
[2011/04/24 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{AD1C6D00-5D3C-4470-97E3-F3FB6406BBA2}
[2011/04/23 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{C20A84AE-B1C6-4AC2-80AC-0F63C46112FF}
[2011/04/23 09:39:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{9EC803BE-BBA0-48ED-BFBE-19F7ADD4A393}
[2011/04/21 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{764DA173-C74B-47FC-AE3C-12B1C2A55045}
[2011/04/21 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{0C4CECA0-85AE-4807-AE82-14D0E1B0752E}
[2011/04/20 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{025CDCB2-862E-4494-A0D7-EAE48EF198DF}
[2011/04/19 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{DECEE91F-8E23-4DF7-9BB0-95DDA7EFF163}
[2011/04/18 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\{E9A18667-DA9C-4BF2-A191-B7E8BF7A6FF7}
[2011/04/12 15:36:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\pc\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/18 21:27:29 | 000,001,940 | ---- | M] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 21:22:31 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/18 21:22:31 | 000,069,261 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/18 21:21:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 21:21:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 21:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/18 21:21:42 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 21:20:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/18 20:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000UA.job
[2011/05/18 17:21:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1759715684-315256926-4125069295-1000Core.job
[2011/05/18 07:03:30 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/18 07:03:30 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 22:18:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2011/05/15 22:16:03 | 003,600,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/15 22:13:18 | 000,000,512 | ---- | M] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/15 13:00:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\pc\Desktop\GooredFix.exe
[2011/05/14 23:21:33 | 000,001,989 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 23:21:32 | 000,002,027 | ---- | M] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2011/05/14 19:15:11 | 000,001,057 | ---- | M] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/05/14 19:12:34 | 000,026,624 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 18:00:09 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/21 21:12:12 | 000,000,800 | ---- | M] () -- C:\Users\pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk

========== Files Created - No Company Name ==========

[2011/05/15 22:13:18 | 000,000,512 | ---- | C] () -- C:\Users\pc\Desktop\MBR.dat
[2011/05/13 19:26:52 | 000,001,940 | ---- | C] () -- C:\Users\pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 18:00:08 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/30 11:53:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/12 15:36:17 | 000,087,608 | ---- | C] () -- C:\Users\pc\AppData\Roaming\inst.exe
[2011/04/12 15:36:17 | 000,007,887 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.cat
[2011/04/12 15:36:17 | 000,001,144 | ---- | C] () -- C:\Users\pc\AppData\Roaming\pcouffin.inf
[2011/04/12 13:54:07 | 000,001,057 | ---- | C] () -- C:\Users\pc\AppData\Roaming\vso_ts_preview.xml
[2011/02/19 00:09:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/13 16:48:32 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2011/02/13 16:48:32 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2011/02/13 16:48:32 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/13 16:48:32 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/18 10:51:54 | 000,001,456 | ---- | C] () -- C:\Users\pc\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/26 14:12:15 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/26 14:12:14 | 000,069,261 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/26 13:22:59 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010/09/21 20:33:57 | 000,026,624 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 14:56:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/18 14:55:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/27 21:51:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,600,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/30 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon
[2011/05/10 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DMCache
[2011/05/14 13:24:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IDM
[2010/08/27 21:22:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenOffice.org
[2010/10/27 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Tific
[2011/05/14 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2011/05/14 19:15:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Vso
[2011/02/18 23:42:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WinAVI
[2011/05/18 21:20:59 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Really appreciate the help mate...

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK methinks a little sweep for orphans and then see how the computer is behaving

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11
MoparMan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Essexboy

Malware scan came back clean :)




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6625

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

20/05/2011 10:12:39 PM
mbam-log-2011-05-20 (22-12-39).txt

Scan type: Quick scan
Objects scanned: 157446
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Any tips to save any further dramas? And thanks very much for the help!!

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools page
  • Select Performance Information and Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Final stretch


Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.