Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Security Sphere 2012


  • This topic is locked This topic is locked

#1
purplelavender

purplelavender

    Member

  • Member
  • PipPip
  • 20 posts
This started happening yesterday and I have tried everything mentioned on your forum. Yesterday I had luck getting into Safe Mode and looking and editing Regedit but today I cannot get in. It will not boot into safe mode and when I select last good login it sits at windows starting screen. I have put in the Windows CD and it boots to my desktop. I have internet access and have managed to download and rename the Malwarebytes filee but it will not load.

Thanks for any help


I managed to download Spy No More and it scanned but then in order to clean wanted me to buy.....is this normal or is it redirecting.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lets see if this can kill it so that I can remove the rest

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have download and tried but seems to just about start as I see a pop up black box and then nothing except for Sphere coming up again saying the exe is infected. I renamed as you suggested and same thing.
  • 0

#4
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Another thing I noticed when I renamed the file and tried to run black pop up flashes in screen and then when I check the properties of the renamed file it has been changed to winlogon.exe.exe.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Will OTL run at all ?

Are you able to use another computer to burn a cd ?
  • 0

#6
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Never got that far as I thought I needed to wait until I completed the first part. Someone gave me this link

http://deletemalware...phere-2012.html

and it worked to being able to put Sphere to thinking it is registered and it released and I was able to download Malwarebytes' but not in safe mode. I still cannot get into Safe Mode. Will see what scan finds in normal mode and see if I can find the rootkit. Right now I cannot see it in the suggested folder. C:\documents and settings\all users\applicstion data\755AC846-7372-4AC8-8550-C52491DAA8BD This is the one with a bunch of numbers but I have not deleted as yet. I think I found the culprit its under All Users.Windows\App Data and it actually has the symbol but won't let me delete. Hopefully the spyware will do that. You think??
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you run OTL I will be able to see and then remove the components for you making it an easier job for you... Thanks for the link I will look at that :)
  • 0

#8
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi there - ok I downloaded your link for OTL but it never came up with what you posted it would. Came up with a box to clean so I clicked. After a couple of minutes said it was done and needed to restart. Said ok nothing has changed. There is no log file either that I can find and the OTL file is gone from my desktop??? I still think I have a virus as I keep getting a pop up stating that Malwarebytes has stopped a malicious access to some site with an IP address.

I also tried the Rogue link which by the way is in French but still will not run. As well still cannot access Safe Mode. I get the screen to make a selection but just keeps botting normally.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you retry OTL please - the box marked cleanup is to remove the tool and all its parts

Once you have OTL open on the desktop and have copied/pasted the scan data it should look like this... Then press the Run Scan button



Two text files will be created could you then post those.
From these logs I will be able to see the bad files and then use OTL to remove them
  • 0

#10
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Extras logfile created on: 14/10/2011 7:21:38 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.80 Mb Total Physical Memory | 287.73 Mb Available Physical Memory | 57.23% Memory free
1.20 Gb Paging File | 0.60 Gb Available in Paging File | 49.88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.76 Gb Free Space | 7.41% Space Free | Partition Type: NTFS

Computer Name: ACS03976 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-507921405-1383384898-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\nv2\nv20.exe" = C:\nv2\nv20.exe:*:Enabled:Tclkit, a standalone runtime for Tcl/Tk
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}" = Intel® Active Monitor
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86333949-E3AB-4058-904E-AD8476E224F9}" = GenuTax Standard
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel® Network Connections 14.0.40.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver Software
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{E06C6D71-ACAB-4290-8547-917C7FB1FD4E}" = AVG 2012
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Complete Canadian Wills Kit08-1" = Complete Canadian Wills Kit
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (Ahead Software)
"IncrediMail" = IncrediMail 2.0
"jZip" = jZip
"LinkedIn Internet Explorer Toolbar" = LinkedIn Internet Explorer Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Project 8.0" = Microsoft Project 98
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Rapport_msi" = Rapport
"Recovery Toolbox for Outlook_is1" = Recovery Toolbox for Outlook 1.0
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3e7030b24f9dd9e3" = Tenrox Project Plan

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/10/2011 1:45:08 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 09/10/2011 1:58:22 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 09/10/2011 2:35:26 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\User\LOCALS~1\Temp\STOPzilla!\SZPro5.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 09/10/2011 2:39:07 AM | Computer Name = ACS03976 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10o.ocx, version 10.2.153.1, fault address 0x00002868.

Error - 09/10/2011 3:00:31 AM | Computer Name = ACS03976 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10o.ocx, version 10.2.153.1, fault address 0x00002868.

Error - 09/10/2011 8:09:57 PM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Family Pack 4 -- Error 1706.No valid source could
be found for product WordPerfect Family Pack 4. The Windows Installer cannot continue.

Error - 10/10/2011 11:55:58 AM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2011 11:58:28 AM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2011 11:23:19 PM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2011 9:13:08 PM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Family Pack 4 -- Error 1706.No valid source could
be found for product WordPerfect Family Pack 4. The Windows Installer cannot continue.

[ Application Events ]
Error - 09/10/2011 1:45:08 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 09/10/2011 1:58:22 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 09/10/2011 2:35:26 AM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\User\LOCALS~1\Temp\STOPzilla!\SZPro5.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 09/10/2011 2:39:07 AM | Computer Name = ACS03976 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10o.ocx, version 10.2.153.1, fault address 0x00002868.

Error - 09/10/2011 3:00:31 AM | Computer Name = ACS03976 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10o.ocx, version 10.2.153.1, fault address 0x00002868.

Error - 09/10/2011 8:09:57 PM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Family Pack 4 -- Error 1706.No valid source could
be found for product WordPerfect Family Pack 4. The Windows Installer cannot continue.

Error - 10/10/2011 11:55:58 AM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2011 11:58:28 AM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2011 11:23:19 PM | Computer Name = ACS03976 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2011 9:13:08 PM | Computer Name = ACS03976 | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Family Pack 4 -- Error 1706.No valid source could
be found for product WordPerfect Family Pack 4. The Windows Installer cannot continue.

[ System Events ]
Error - 14/10/2011 9:42:14 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\Bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\Bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

[ System Events ]
Error - 14/10/2011 9:42:14 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:46:49 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\Bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:46:51 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\Bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 14/10/2011 9:47:07 AM | Computer Name = ACS03976 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >
  • 0

Advertisements


#11
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I cannot paste this so attaching

OTL logfile created on: 14/10/2011 7:21:38 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.80 Mb Total Physical Memory | 287.73 Mb Available Physical Memory | 57.23% Memory free
1.20 Gb Paging File | 0.60 Gb Available in Paging File | 49.88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.76 Gb Free Space | 7.41% Space Free | Partition Type: NTFS

Computer Name: ACS03976 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 07:07:41 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2011/10/09 22:02:36 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/09 22:02:33 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/21 17:10:24 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2011/06/21 17:10:21 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2011/04/22 06:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/19 08:55:18 | 000,826,368 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\system32\PrintDisp.exe
PRC - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () -- C:\Program Files\DOS2USB\elsvc.exe
PRC - [2009/10/28 19:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\system32\PrintCtrl.exe
PRC - [2009/03/23 20:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/01/10 13:07:32 | 000,102,400 | ---- | M] (Intel Corp.) -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
PRC - [2002/09/12 11:13:18 | 001,101,824 | ---- | M] (Copyright © ahead software gmbh and its licensors) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/06/26 18:36:58 | 000,090,112 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [1997/09/12 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/09 22:02:36 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/10/09 22:02:33 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/21 17:10:31 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2011/06/21 17:10:27 | 000,267,720 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2011/06/21 17:10:25 | 000,132,552 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
MOD - [2011/06/21 17:10:25 | 000,079,304 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImAppRU.dll
MOD - [2010/12/29 04:40:24 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\bin\PMC.dll
MOD - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () -- C:\Program Files\DOS2USB\elsvc.exe
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2002/09/13 09:08:28 | 000,458,752 | ---- | M] () -- C:\Program Files\Ahead\InCD\Res.dll
MOD - [1997/09/12 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/09/12 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/09 22:02:36 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\DOS2USB\elsvc.exe -- (elAPIsvc)
SRV - [2009/10/28 19:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\WINDOWS\system32\PrintCtrl.exe -- (Printer Control)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2003/01/10 13:07:32 | 000,102,400 | ---- | M] (Intel Corp.) [Auto | Running] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®
SRV - [2002/07/15 17:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/07 08:09:13 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 13:05:10 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2003/01/10 13:04:46 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)
DRV - [2002/10/23 10:05:06 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel®
DRV - [2002/09/13 06:35:44 | 000,448,640 | ---- | M] (ahead software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 17:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2001/08/17 07:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1383384898-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-507921405-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/login.php"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:40&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/09 22:02:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 16:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/07 13:05:14 | 000,000,000 | ---D | M]

[2010/12/18 15:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/12/18 15:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2011/10/09 22:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\aeyfzste.default\extensions
[2011/09/19 12:09:43 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\aeyfzste.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2011/10/09 22:02:51 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\aeyfzste.default\extensions\[email protected]
[2011/10/12 15:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/12 15:30:43 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/09 22:02:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2009/12/12 12:59:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/02 16:53:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/02 16:53:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...box_im2_test_v2
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEToolbarBHO Class) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O3 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\..\Toolbar\WebBrowser: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Copyright © ahead software gmbh and its licensors)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-507921405-1383384898-725345543-1004..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-507921405-1383384898-725345543-1004..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-507921405-1383384898-725345543-1004..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-507921405-1383384898-725345543-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [KeApplet] C:\WINDOWS\TEMP\ke64vrxlka.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [KeApplet] C:\WINDOWS\TEMP\ke64vrxlka.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Linked&In Search - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\..Trusted Domains: tenroxhosting.com ([dgegroup] https in Trusted sites)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} https://dgegroup.ten...OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {0FACC666-E038-43FF-B1A5-064FFB536934} https://dgegroup.ten...load/Upload.CAB (Upload.clsUpload)
O16 - DPF: {19F50ACB-5C69-4661-9697-BD100AE8DF08} https://dgegroup.ten...ckBooksLive.CAB (TQuickBooksLive.TQuickBooks)
O16 - DPF: {3E059DAB-6894-435C-B758-2977F014D734} https://dgegroup.ten...TClientProc.CAB (TClientProc.ClientSettings)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://dgegroup.ten...intCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1259950594571 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1259950666758 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9CF0560E-8FDC-45DB-8FBB-E7C9AE50BCE9} https://dgegroup.ten...orkflowMapX.cab (TWorkflowMapX.WorkflowMapX)
O16 - DPF: {A37AAD86-1B27-4B98-80CF-DAC66FB22F33} https://dgegroup.ten.../OWCPrinter.cab (OWC Helper Excel Print Object)
O16 - DPF: {AC017924-474A-4D75-B480-82473C5CA0F2} https://dgegroup.ten...TenroxOWC11.CAB (TenroxOWC11.TChart)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78075F7-D370-4AD3-916B-1526D095411D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/24 19:08:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/24 19:01:36 | 000,000,099 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
O33 - MountPoints2\{2e5439de-756c-11df-b12e-0007e9c5703f}\Shell - "" = AutoRun
O33 - MountPoints2\{2e5439de-756c-11df-b12e-0007e9c5703f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e5439de-756c-11df-b12e-0007e9c5703f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a2a0f55c-62dd-11df-b120-0007e9c5703f}\Shell - "" = AutoRun
O33 - MountPoints2\{a2a0f55c-62dd-11df-b120-0007e9c5703f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2a0f55c-62dd-11df-b120-0007e9c5703f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 06:40:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/10/14 06:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/12 15:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Skype
[2011/10/09 22:51:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/10/09 22:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/10/09 22:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG 2012
[2011/10/09 22:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG Secure Search
[2011/10/09 22:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/10/09 22:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/10/09 22:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2011/10/09 22:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/09 21:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/09 21:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/10/09 19:31:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/09 15:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2011/10/09 15:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/10/09 15:04:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/09 15:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/09 14:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Security Sphere 2012
[2011/10/09 01:38:01 | 003,897,504 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\User\My Documents\avg_avct_stb_all_2012_1796_cm10.exe
[2011/10/09 01:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Downloads
[2011/10/09 00:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\gaaphfcr
[2011/10/09 00:29:16 | 000,000,000 | ---D | C] -- C:\Help
[2011/10/08 22:41:34 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/10/08 22:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/14 07:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Facets
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/14 07:35:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 06:15:57 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 06:15:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/13 08:26:28 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/13 08:09:36 | 106,488,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/13 07:23:23 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 15:28:41 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2011/10/11 16:27:57 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/10 12:24:45 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20111010_122402.reg
[2011/10/09 22:02:57 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2012.lnk
[2011/10/09 21:45:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/09 19:25:12 | 000,012,406 | ---- | M] () -- C:\Documents and Settings\User\Desktop\297985_1845408835005_1834186588_1265489_300355665_n.jpg
[2011/10/09 15:04:44 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 14:05:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/09 01:38:05 | 003,897,504 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\User\My Documents\avg_avct_stb_all_2012_1796_cm10.exe
[2011/10/09 01:02:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/09 00:50:38 | 000,136,015 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/10/09 00:50:26 | 000,183,856 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/10/09 00:41:16 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/10/07 13:11:03 | 000,005,210 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20111007_131054.reg
[2011/10/07 11:28:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/06 16:02:46 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2011/10/03 10:18:26 | 000,093,935 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ATT0000666764.jpg
[2011/10/01 09:24:50 | 000,010,947 | ---- | M] () -- C:\Documents and Settings\User\Desktop\305396_1825749222063_1790253175_1227652_2005563563_n.jpg
[2011/10/01 08:52:08 | 000,016,612 | ---- | M] () -- C:\Documents and Settings\User\Desktop\297688_1825642059384_1790253175_1227609_1524653768_n.jpg
[2011/09/30 20:25:51 | 000,153,992 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20110930_202543.reg
[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/09/20 19:21:15 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Word (2).lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/13 08:09:36 | 106,488,068 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/12 15:28:41 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2011/10/10 12:24:06 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20111010_122402.reg
[2011/10/09 22:02:57 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2012.lnk
[2011/10/09 19:25:10 | 000,012,406 | ---- | C] () -- C:\Documents and Settings\User\Desktop\297985_1845408835005_1834186588_1265489_300355665_n.jpg
[2011/10/09 15:04:44 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 13:50:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/09 01:02:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/09 00:50:38 | 000,136,015 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2011/10/09 00:50:26 | 000,183,856 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2011/10/09 00:41:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/10/07 13:11:00 | 000,005,210 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20111007_131054.reg
[2011/10/04 07:24:48 | 000,093,935 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ATT0000666764.jpg
[2011/10/01 09:24:49 | 000,010,947 | ---- | C] () -- C:\Documents and Settings\User\Desktop\305396_1825749222063_1790253175_1227652_2005563563_n.jpg
[2011/10/01 08:52:06 | 000,016,612 | ---- | C] () -- C:\Documents and Settings\User\Desktop\297688_1825642059384_1790253175_1227609_1524653768_n.jpg
[2011/09/30 20:25:46 | 000,153,992 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20110930_202543.reg
[2011/08/30 09:42:36 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2011/08/30 09:42:17 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe
[2011/08/30 09:42:16 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe
[2011/05/10 06:56:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/24 08:28:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\bibstats
[2010/06/27 17:06:14 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 12:20:28 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/04/29 14:10:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2010/04/29 14:10:56 | 000,000,192 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2010/04/28 19:39:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PFP110JPR.{PB
[2010/04/28 19:39:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PFP110JCM.{PB
[2010/04/16 20:41:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/16 20:41:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/12/10 12:14:54 | 000,000,149 | ---- | C] () -- C:\WINDOWS\chartist.ini
[2009/12/09 20:39:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PFP100JPR.{PB
[2009/12/09 20:39:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PFP100JCM.{PB
[2009/12/09 20:37:23 | 000,000,325 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/12/09 20:23:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2009/12/09 20:06:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/09 19:42:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/12/09 18:20:46 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/04 11:47:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/04 11:45:03 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2009/12/04 11:37:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/04 11:31:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/04 04:21:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/04 04:20:44 | 000,218,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,494,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,084,746 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/04/03 10:54:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/12 01:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/04/27 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Trusteer
[2009/11/03 18:14:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/09 16:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/11/06 21:19:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2009/11/09 16:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/11/09 16:38:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/11/06 21:19:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/03/14 16:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GenuTax
[2009/03/22 10:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/03/22 09:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/05/10 11:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/10/09 01:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/04 09:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/22 14:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/14 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
[2011/10/10 15:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2009/12/09 19:24:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2011/08/29 20:41:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJEGV
[2011/08/21 19:04:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJMyPrinter
[2011/08/29 20:37:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJScan
[2011/08/21 19:04:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJSolutionMenu
[2011/10/09 22:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2011/03/08 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GenuTax
[2009/12/09 18:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM
[2009/12/09 18:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
[2011/10/13 08:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/08/30 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2011/08/30 11:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlotSoft
[2010/04/16 20:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap Games
[2011/08/30 14:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2010/06/11 13:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 10
[2011/08/30 09:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp
[2010/12/18 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2011/03/31 20:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer
[2010/01/24 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\XHEO INC
[2010/09/27 07:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/17 19:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/27 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User.WINDOWS\Application Data\Trusteer
[2010/11/20 18:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Canon Easy-WebPrint EX
[2009/11/09 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\Canon
[2009/11/06 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\Canon Easy-WebPrint EX
[2006/12/26 20:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\CD Viewer
[2003/08/09 17:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\Freedom
[2005/12/26 13:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\FUJIFILM
[2005/08/21 21:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\ispnews
[2008/08/04 09:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\Leadertech
[2006/12/23 11:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\OfficeUpdate12
[2006/10/04 20:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\OLYMPUS
[2008/06/17 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\SpinTop
[2006/09/03 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\Ulead Systems
[2008/01/11 18:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\UploadFiles
[2009/10/20 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\VirtualStore
[2006/09/17 08:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy Godlewski\Application Data\WholeSecurity
[2010/11/15 18:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\pandasecuritytb
[2010/11/15 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SurfSecret Privacy Suite
[2011/10/09 22:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG Secure Search
[2011/10/09 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG2012
[2011/08/29 20:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/08/29 20:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2011/02/02 18:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Costco Photo Organizer
[2011/02/02 18:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Costco Photo Viewer CA-FR
[2010/05/24 10:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2011/07/29 17:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LinkedIn
[2011/08/30 14:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nuance
[2011/10/08 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2010/12/18 15:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TomTom
[2011/03/31 20:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer
[2011/08/30 14:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Zeon

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8

< End of report >

Attached Files

  • Attached File  OTL.Txt   110.49KB   37 downloads

  • 0

#12
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi there - finally got OTL to run and attached the results. One I could paste the other I had to attach as I kept getting booted out.

Thanks
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is not a problem, I feel I will need to follow up with a stonger tools as there are some file substitutions I am not happy about

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-507921405-1383384898-725345543-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [KeApplet] C:\WINDOWS\TEMP\ke64vrxlka.exe File not found
    O4 - HKU\S-1-5-18..\RunOnce: [KeApplet] C:\WINDOWS\TEMP\ke64vrxlka.exe File not found
    [2011/10/09 14:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Security Sphere 2012
    [2011/10/09 00:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\gaaphfcr

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts. It will ask to install the recovery console, allow it to do so

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#14
purplelavender

purplelavender

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK will do only as directed :). I noticed that in the logs it lists all the anti-virus programs I had download at one time or another. I did uninstall all except for Malwarebytes and AVG 2012.

Thanks
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They are not installed now, it is just windows way of keeping track
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP