I had a long weekened away abd on my return someone had been usingmy computer.
It now takes 25-30 mins from start up to even open explorer.
What steps can I take to check the system and hopefully resolve the issue?
Thanks,
Tom
Suddenly running very slow?!
Started by
tom468
, Jun 03 2011 01:53 AM
-
This topic is locked
#1
Posted 03 June 2011 - 01:53 AM
tom468
-
- Member
-
- 63 posts
Member
I had a long weekened away abd on my return someone had been usingmy computer.
It now takes 25-30 mins from start up to even open explorer.
What steps can I take to check the system and hopefully resolve the issue?
Thanks,
Tom
#3
Posted 06 June 2011 - 04:23 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
Thanks for your reply. Please find below my OTL log..
OTL logfile created on: 06/06/2011 11:03:28 - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\T\My Documents\anti V
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 76.46 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM
Current User Name: T
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\HTC\HTC Sync\Sync Manager\SyncIndicator.exe (Teleca Sweden AB)
PRC - C:\Documents and Settings\T\My Documents\anti V\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
========== Modules (SafeList) ==========
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\T\My Documents\anti V\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060918
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060918
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 32 CC 99 BC 3A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.sharepric...XPLORATION-PLC"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 08:54:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 16:30:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 16:30:38 | 00,000,000 | ---D | M]
[2009/11/11 09:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Mozilla\Extensions
[2011/06/01 10:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Mozilla\Firefox\Profiles\0h5n5h6u.default\extensions
[2011/06/01 10:28:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 11:50:03 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/25 10:32:09 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 00,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 18:47:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 18:47:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 18:47:02 | 00,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBC.lnk = C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159527175108 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/22 09:32:57 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{99006de9-1b56-11dd-bf3d-001372e905f8}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{99006de9-1b56-11dd-bf3d-001372e905f8}\Shell\open\command - "" = SUD\SSOW\sep.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2011/06/06 10:49:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/05 13:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/05 13:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/05 13:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/25 16:06:23 | 00,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe43.dll
[2009/12/21 12:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/21 12:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/21 12:00:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/21 12:00:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/28 11:49:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/09/29 11:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
========== Files - Modified Within 14 Days ==========
[2011/06/06 11:15:49 | 00,033,239 | ---- | M] () -- C:\Documents and Settings\T\Desktop\41ckXgfYtPL__SS500_.jpg
[2011/06/06 11:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
[2011/06/06 10:39:58 | 00,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/06 10:06:41 | 11,730,8668 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/06 10:05:52 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\T\Desktop\Mon Van.xls
[2011/06/06 10:00:03 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55AF9B05-6C09-4DA7-B9C7-4D7EDBC68738}.job
[2011/06/06 09:59:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 09:56:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/06 09:56:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 09:56:04 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 17:07:01 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\T\NTUSER.DAT
[2011/06/03 17:07:01 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\T\ntuser.ini
[2011/06/03 10:21:02 | 00,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/06/03 10:21:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/06/03 10:21:02 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/02 13:28:10 | 00,022,696 | ---- | M] () -- C:\Documents and Settings\T\Desktop\198863_10150108997126367_595251366_6799506_387732_n.jpg
[2011/06/01 13:37:48 | 00,307,334 | ---- | M] () -- C:\Documents and Settings\T\Desktop\2522164035_fb61e91bda_b.jpg
[2011/05/29 09:11:30 | 00,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 00,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 15:38:04 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\T\My Documents\Race data.xls
========== Files Created - No Company Name ==========
[2011/06/03 11:01:44 | 10,634,07616 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 10:12:15 | 00,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
[2011/06/02 13:28:15 | 00,022,696 | ---- | C] () -- C:\Documents and Settings\T\Desktop\198863_10150108997126367_595251366_6799506_387732_n.jpg
[2011/06/01 13:38:08 | 00,307,334 | ---- | C] () -- C:\Documents and Settings\T\Desktop\2522164035_fb61e91bda_b.jpg
[2011/05/09 09:13:22 | 00,000,078 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\xobni_installer_updater.log
[2010/04/19 16:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/10/20 19:19:30 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/18 15:18:03 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\housecall.guid.cache
[2007/12/07 13:51:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\T\Application Data\AVSDVDPlayer.m3u
[2007/12/07 13:39:47 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/07 13:39:47 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/10 15:21:33 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/04/10 14:47:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2007/04/10 14:44:46 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/04/10 14:43:55 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4490DEFGIPSR.ini
[2007/04/02 14:22:56 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/02/02 10:21:48 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/10/18 15:17:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/10/18 14:20:03 | 00,000,774 | ---- | C] () -- C:\WINDOWS\PSDUK.INI
[2006/10/18 14:20:03 | 00,000,075 | ---- | C] () -- C:\WINDOWS\psdxpuk.ini
[2006/10/09 11:15:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/10/05 16:42:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2006/10/05 16:41:45 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006/10/02 14:22:46 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\T\Application Data\dvd.bmk
[2006/10/02 14:22:13 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\fusioncache.dat
[2006/10/02 13:26:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI
[2006/10/02 13:22:29 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfc4.sys
[2006/09/30 12:37:41 | 00,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/09/30 11:14:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/30 10:34:03 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 10:34:03 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\90B973048B.sys
[2006/09/30 10:22:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/29 14:35:50 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/18 20:00:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/18 19:54:53 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/18 19:49:36 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/18 19:26:06 | 00,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007/02/07 16:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alfac
[2011/05/09 09:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/12/21 12:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/10/23 14:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/09 09:05:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/17 09:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/15 13:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2011/05/09 09:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/03/28 16:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/07/21 09:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/04/15 13:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2006/11/09 15:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/30 11:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/09/18 19:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/17 14:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/20 16:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/07 16:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/16 08:21:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2008/02/22 13:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\.BitTornado
[2010/04/14 12:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\aerix
[2007/02/07 16:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Alfac
[2009/04/27 13:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Amazon
[2008/10/13 17:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Audacity
[2011/05/09 09:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\AVG10
[2009/12/17 09:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\ContentGuard
[2006/12/15 17:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\ConvertTemp
[2007/04/16 14:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\EPSON
[2006/10/13 11:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Leadertech
[2007/03/26 10:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Opera
[2011/01/17 14:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\PriceGong
[2007/08/09 12:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Samsung
[2009/04/24 11:40:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\streamripper
[2007/08/09 15:27:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Teleca
[2006/10/09 11:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Temporary
[2007/05/24 15:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\TransRender
[2010/07/30 11:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Trusteer
[2007/08/01 12:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Viewpoint
[2009/12/17 14:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\WindSolutions
[2011/05/23 09:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/06 10:00:03 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55AF9B05-6C09-4DA7-B9C7-4D7EDBC68738}.job
[2011/06/06 11:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
OTL logfile created on: 06/06/2011 11:03:28 - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\T\My Documents\anti V
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.82 Gb Total Space | 76.46 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM
Current User Name: T
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\HTC\HTC Sync\Sync Manager\SyncIndicator.exe (Teleca Sweden AB)
PRC - C:\Documents and Settings\T\My Documents\anti V\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
========== Modules (SafeList) ==========
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\T\My Documents\anti V\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060918
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060918
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 32 CC 99 BC 3A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.sharepric...XPLORATION-PLC"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 08:54:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 16:30:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 16:30:38 | 00,000,000 | ---D | M]
[2009/11/11 09:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Mozilla\Extensions
[2011/06/01 10:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Mozilla\Firefox\Profiles\0h5n5h6u.default\extensions
[2011/06/01 10:28:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 11:50:03 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/02/25 10:32:09 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 00,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 18:47:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 18:47:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 18:47:02 | 00,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBC.lnk = C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159527175108 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/22 09:32:57 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{99006de9-1b56-11dd-bf3d-001372e905f8}\Shell\AutoRun\command - "" = SUD\SSOW\sep.exe
O33 - MountPoints2\{99006de9-1b56-11dd-bf3d-001372e905f8}\Shell\open\command - "" = SUD\SSOW\sep.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2011/06/06 10:49:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/05 13:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/05 13:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/05 13:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/25 16:06:23 | 00,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe43.dll
[2009/12/21 12:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/21 12:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/21 12:00:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/21 12:00:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/28 11:49:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/09/29 11:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
========== Files - Modified Within 14 Days ==========
[2011/06/06 11:15:49 | 00,033,239 | ---- | M] () -- C:\Documents and Settings\T\Desktop\41ckXgfYtPL__SS500_.jpg
[2011/06/06 11:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
[2011/06/06 10:39:58 | 00,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/06/06 10:06:41 | 11,730,8668 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/06 10:05:52 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\T\Desktop\Mon Van.xls
[2011/06/06 10:00:03 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55AF9B05-6C09-4DA7-B9C7-4D7EDBC68738}.job
[2011/06/06 09:59:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/06 09:56:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/06 09:56:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 09:56:04 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 17:07:01 | 08,650,752 | -H-- | M] () -- C:\Documents and Settings\T\NTUSER.DAT
[2011/06/03 17:07:01 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\T\ntuser.ini
[2011/06/03 10:21:02 | 00,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/06/03 10:21:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/06/03 10:21:02 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/02 13:28:10 | 00,022,696 | ---- | M] () -- C:\Documents and Settings\T\Desktop\198863_10150108997126367_595251366_6799506_387732_n.jpg
[2011/06/01 13:37:48 | 00,307,334 | ---- | M] () -- C:\Documents and Settings\T\Desktop\2522164035_fb61e91bda_b.jpg
[2011/05/29 09:11:30 | 00,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 00,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 15:38:04 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\T\My Documents\Race data.xls
========== Files Created - No Company Name ==========
[2011/06/03 11:01:44 | 10,634,07616 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/03 10:12:15 | 00,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
[2011/06/02 13:28:15 | 00,022,696 | ---- | C] () -- C:\Documents and Settings\T\Desktop\198863_10150108997126367_595251366_6799506_387732_n.jpg
[2011/06/01 13:38:08 | 00,307,334 | ---- | C] () -- C:\Documents and Settings\T\Desktop\2522164035_fb61e91bda_b.jpg
[2011/05/09 09:13:22 | 00,000,078 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\xobni_installer_updater.log
[2010/04/19 16:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/10/20 19:19:30 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/18 15:18:03 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\housecall.guid.cache
[2007/12/07 13:51:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\T\Application Data\AVSDVDPlayer.m3u
[2007/12/07 13:39:47 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/07 13:39:47 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/10 15:21:33 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/04/10 14:47:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2007/04/10 14:44:46 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/04/10 14:43:55 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4490DEFGIPSR.ini
[2007/04/02 14:22:56 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/02/02 10:21:48 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/10/18 15:17:17 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2006/10/18 14:20:03 | 00,000,774 | ---- | C] () -- C:\WINDOWS\PSDUK.INI
[2006/10/18 14:20:03 | 00,000,075 | ---- | C] () -- C:\WINDOWS\psdxpuk.ini
[2006/10/09 11:15:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/10/05 16:42:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2006/10/05 16:41:45 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006/10/02 14:22:46 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\T\Application Data\dvd.bmk
[2006/10/02 14:22:13 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\fusioncache.dat
[2006/10/02 13:26:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI
[2006/10/02 13:22:29 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfc4.sys
[2006/09/30 12:37:41 | 00,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/09/30 11:14:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/30 10:34:03 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 10:34:03 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\90B973048B.sys
[2006/09/30 10:22:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/29 14:35:50 | 00,082,432 | ---- | C] () -- C:\Documents and Settings\T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/18 20:00:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/18 19:54:53 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/18 19:49:36 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/18 19:26:06 | 00,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007/02/07 16:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alfac
[2011/05/09 09:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/12/21 12:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/10/23 14:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/09 09:05:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/17 09:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/15 13:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2011/05/09 09:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/03/28 16:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/07/21 09:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/04/15 13:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2006/11/09 15:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/30 11:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/09/18 19:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/17 14:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/20 16:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/07 16:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/16 08:21:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2008/02/22 13:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\.BitTornado
[2010/04/14 12:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\aerix
[2007/02/07 16:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Alfac
[2009/04/27 13:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Amazon
[2008/10/13 17:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Audacity
[2011/05/09 09:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\AVG10
[2009/12/17 09:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\ContentGuard
[2006/12/15 17:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\ConvertTemp
[2007/04/16 14:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\EPSON
[2006/10/13 11:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Leadertech
[2007/03/26 10:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Opera
[2011/01/17 14:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\PriceGong
[2007/08/09 12:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Samsung
[2009/04/24 11:40:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\streamripper
[2007/08/09 15:27:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Teleca
[2006/10/09 11:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Temporary
[2007/05/24 15:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\TransRender
[2010/07/30 11:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Trusteer
[2007/08/01 12:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\Viewpoint
[2009/12/17 14:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\WindSolutions
[2011/05/23 09:29:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/06 10:00:03 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55AF9B05-6C09-4DA7-B9C7-4D7EDBC68738}.job
[2011/06/06 11:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{975C5731-0753-4F1D-BDAB-DA1754EAB6B7}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
#4
Posted 06 June 2011 - 05:16 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi and thank you for OTL log.
Please proceed with this:
Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.
Note: This tool will self uninstall when you close it so please save the log before closing it.
Please proceed with this:
Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.
- You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
- Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- It will by default install it to your desktop folder.Click Next.
- Hit OK at the prompt for scanning in Safe Mode.
- It will then open a box. There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked:
Hidden Startup Objects
System Memory
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)
- Leave the rest of the settings as they appear as default.
- Then click on Scan at the to right hand corner.
- It will automatically Neutralize any objects found.
- If some objects are left un-neutralized then click the button that says Neutralize all.
- If it says it cannot be Neutralized then choose the delete option when prompted.
- After that is done click on the Reports button at the bottom and save it to file name it Kas.
- Save it somewhere convenient like your desktop and post it in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
#5
Posted 07 June 2011 - 03:12 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
Many thanks for your reply.
I started the scan this morning, but after an hour or more it was only 12% complete and I really needed to use the computer for my work.
I will leave it to scan overnight and post the log first thing!
Sorry to drag this out.
Thanks
I started the scan this morning, but after an hour or more it was only 12% complete and I really needed to use the computer for my work.
I will leave it to scan overnight and post the log first thing!
Sorry to drag this out.
Thanks
#7
Posted 08 June 2011 - 03:11 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
Ok so I ran AVP last night! I had a meeting this morning so didn't get to my desk until just afer 9am...BUT
Someone in their wisdom had decided to restart my computer because they thought they were being "helpful"!!!
So I have lost last nights log! Is there anyway to retrieve it??
Someone in their wisdom had decided to restart my computer because they thought they were being "helpful"!!!
So I have lost last nights log! Is there anyway to retrieve it??
#8
Posted 08 June 2011 - 05:30 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
If you did not uninstall AVP tool yet, then you should have Virus Removal Tool folder on your desktop. Open this folder and double click Start to re-run AVP Tool. Now click on Report button and then Save to save report.
If you uninstalled AVP Tool please repeat this step as instructed here.
If you did not uninstall AVP tool yet, then you should have Virus Removal Tool folder on your desktop. Open this folder and double click Start to re-run AVP Tool. Now click on Report button and then Save to save report.
If you uninstalled AVP Tool please repeat this step as instructed here.
#9
Posted 08 June 2011 - 10:03 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
Luckily it didn't uninstall, but below is all that the log said...
Autoscan: completed 19 hours ago (events: 2, objects: 368312, time: 04:18:01)
07/06/2011 16:58:33 Task started
07/06/2011 21:16:35 Task completed
Autoscan: completed 19 hours ago (events: 2, objects: 368312, time: 04:18:01)
07/06/2011 16:58:33 Task started
07/06/2011 21:16:35 Task completed
#10
Posted 08 June 2011 - 10:07 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
That's good as it seems malware free. Proceed with this:
We need to run an OTL Fix
That's good as it seems malware free. Proceed with this:
We need to run an OTL Fix
- Please right click on
on your desktop and click on Run as administrator. - Under the Custom Scans/Fixes box copy and paste this in:
:OTL
:Files
ipconfig /flushdns /c
:Reg
:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
- Click on
button. - OTL may ask to reboot the machine. Please do so if asked.
- Click on
button. - A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
#11
Posted 09 June 2011 - 03:51 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
All processes killed
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[emptyflash]> in the current context!
Error: Unable to interpret <[createrestorepoint]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!
OTL by OldTimer - Version 3.1.19.0 log created on 06092011_104903
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[emptyflash]> in the current context!
Error: Unable to interpret <[createrestorepoint]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!
OTL by OldTimer - Version 3.1.19.0 log created on 06092011_104903
#12
Posted 09 June 2011 - 06:15 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Something went wrong. Please repeat this fix:
We need to run an OTL Fix
We need to run an OTL Fix
- Please right click on on your desktop and click on Run as administrator.
- Under the Custom Scans/Fixes box copy and paste this in:
:OTL
:Files
ipconfig /flushdns /c
:Reg
:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot] - Click on button.
- OTL may ask to reboot the machine. Please do so if asked.
- Click on button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
#13
Posted 09 June 2011 - 09:15 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
I get an error...
Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.
Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.
Edited by tom468, 09 June 2011 - 09:16 AM.
#14
Posted 09 June 2011 - 09:29 AM
Render
-
- Malware Removal
-
- 4,195 posts
Trusted Helper
Hi,
Try with this:
Download the HostsXpert 4.2 - Hosts File Manager.
Then please repeat OTL fix as instructed here.
Try with this:
Download the HostsXpert 4.2 - Hosts File Manager.
- Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
- Run HostsXpert 4.2 - Hosts File Manager from its new home
- Click on "File Handling".
- Click on "Restore MS Hosts File".
- Click OK on the Confirmation box.
- Click on "Make Read Only?"
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Then please repeat OTL fix as instructed here.
#15
Posted 10 June 2011 - 06:55 AM
tom468
- Topic Starter
-
- Member
-
- 63 posts
Member
Sorry for the late reply.
All processes killed
========== OTL ==========
========== FILES ==========
Invalid time flag! [ c ]. Must be numerical.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
User: T
->Temp folder emptied: 8914680 bytes
->Temporary Internet Files folder emptied: 112125077 bytes
->Java cache emptied: 33259340 bytes
->FireFox cache emptied: 81808864 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 53424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38457202 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 262.00 mb
Error: Unable to interpret <[emptyflash]> in the current context!
Restore point Set: OTL Restore Point (64424509440)
OTL by OldTimer - Version 3.1.19.0 log created on 06102011_134626
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
All processes killed
========== OTL ==========
========== FILES ==========
Invalid time flag! [ c ]. Must be numerical.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
User: T
->Temp folder emptied: 8914680 bytes
->Temporary Internet Files folder emptied: 112125077 bytes
->Java cache emptied: 33259340 bytes
->FireFox cache emptied: 81808864 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 53424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38457202 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 262.00 mb
Error: Unable to interpret <[emptyflash]> in the current context!
Restore point Set: OTL Restore Point (64424509440)
OTL by OldTimer - Version 3.1.19.0 log created on 06102011_134626
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
