Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BOOT.TIDSERV removal failed! [Closed] [Solved]


  • This topic is locked This topic is locked

#1
twonics

twonics

    New Member

  • Member
  • Pip
  • 7 posts
Please help! My Norton Internet Security has failed to remove 'Boot.Tidserv'.

It remains as an unresolved security risk (severity=high - status=attention required)

Norton's user forum advised me to run Kaspersky's TDSS Killer and Symantecs Tidserve Removal Tool. Neither worked. The Norton forum guys have admitted defeat and your website was one suggested by them that could help? My PC's files/documents/movies/photos etc are 'hidden' and cannot be accessed. The only programmes that start are Norton Internet/Spyhunter 4/Malware Bytes anti-malware (which detected the malware but failed to remove it). However, my pc boots up OK - the only plus!

Any help would be gratefully received.

thank you

Nicola
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - first priority is to get the files and folders back I feel, I will need you to run the first programme twice, a different mode each time

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

RUN 2

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,

Here's the 1st RK Report:-

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mum and Dad [Admin rights]
Mode: Remove -- Date : 01/04/2012 15:19:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xBA648700)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f567c4a535f7a8d78851575fc9596dcf
[BSP] 5552c0dc4191488df4a64307c8144b31 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 302871 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 591561495 | Size: 17182 Mo
2 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 625121280 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 223abdc1a01bdcf7452f1d88154f483b
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 [VISIBLE] Offset (sectors): 32 | Size: 513 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


And here's the 2nd

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mum and Dad [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/04/2012 15:29:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 6 / Fail 0
Quick launch: Success 2 / Fail 0
Programs: Success 35741 / Fail 0
Start menu: Success 70 / Fail 0
User folder: Success 34415 / Fail 0
My documents: Success 5259 / Fail 0
My favorites: Success 52 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 67447 / Fail 21
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk1\DP(1)0-0+5 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


I'll now run the OTL so will reply again once that's finished.

Thanks

Nicola
  • 0

#4
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again - here is the OLT.txt

TL logfile created on: 04/01/2012 15:50:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.85% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 238.11 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 15:47:10 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mum and Dad\Local Settings\Temporary Internet Files\Content.IE5\H7L19BA5\aswMBR[1].exe
PRC - [2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/10 18:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/03/14 17:19:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 15:21:16 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/25 19:31:40 | 000,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/10 18:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/08 05:27:37 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/30 21:13:26 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3070_B611.dll
MOD - [2010/02/06 10:12:20 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/02/06 10:12:20 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0134021245689705mcinstcleanup) McAfee Application Installer Cleanup (0134021245689705)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 15:21:16 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/23 16:20:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/23 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/23 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/23 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/15 16:58:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/27 00:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/08 05:27:37 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 02:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/26 02:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/05/06 15:03:41 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 15:21:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 15:21:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 15:21:19 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 15:21:19 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 15:21:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:45:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/19 16:03:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/12/12 18:55:36 | 004,635,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/10 20:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/06 18:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/06 18:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/25 09:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/01/04 14:50:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\


O1 HOSTS File: ([2011/12/26 07:13:51 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20100825015613 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.go...7/uploader2.cab (UploadListView Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/26 07:13:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 15:36:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Desktop\RK_Quarantine
[2012/01/02 17:49:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/02 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Application Data\Malwarebytes
[2012/01/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 15:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 15:11:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/02 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder (2)
[2012/01/02 14:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder
[2011/12/26 07:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\SpyHunter
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/26 07:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/12/25 09:16:44 | 000,000,000 | ---D | C] -- C:\0d598755100b66f6538a1d718b0f
[2011/12/25 09:16:00 | 000,000,000 | ---D | C] -- C:\eed7361ef79b4f60c714275f74564d
[2011/12/24 17:15:55 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdi.sys
[2011/12/24 17:15:55 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/12/24 17:15:54 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/12/24 17:15:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.sys
[2011/12/24 17:15:54 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/12/24 17:15:53 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/12/24 17:15:52 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/12/24 17:15:52 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/12/24 17:15:51 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/12/24 17:15:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1302000.00A
[2011/12/24 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\NPE
[2011/12/24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\My Documents\Symantec
[2011/12/24 14:13:52 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/24 14:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/24 14:12:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mum and Dad\Recent
[2011/12/24 13:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\System Fix
[2011/12/24 13:26:41 | 000,000,000 | ---D | C] -- C:\8c863fcb97cbb0fb1b55d72fa8
[2011/12/24 13:26:33 | 000,000,000 | ---D | C] -- C:\322eba50b9d0be9874ffed
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/24 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 13:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 13:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/06/22 16:55:18 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 15:48:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:36:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 15:21:15 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/04 15:01:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/01/04 14:49:06 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 14:47:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 14:47:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 14:47:10 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 19:14:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/02 18:04:24 | 011,936,085 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/01 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/31 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/26 07:01:44 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/12/25 19:43:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 18:05:22 | 000,628,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/25 18:05:16 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 17:59:18 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 17:16:11 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:51 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:54:25 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5y
[2011/12/24 13:54:25 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5yr
[2011/12/24 13:53:58 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eFn9ptqHDiEQ5y
[2011/12/24 13:53:39 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/24 13:53:39 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\System Fix.lnk
[2011/12/24 12:53:28 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelOr
[2011/12/19 12:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:52:06 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 19:54:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 15:48:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:18:48 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/02 18:04:18 | 011,936,085 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/25 18:05:16 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 18:04:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/12/25 09:11:55 | 000,628,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/24 17:16:59 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 17:15:55 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/12/24 17:15:54 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/12/24 17:15:54 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/12/24 17:15:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/12/24 17:15:54 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/12/24 17:15:54 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/12/24 17:15:53 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/12/24 17:15:53 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.cat
[2011/12/24 17:15:53 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.inf
[2011/12/24 17:15:53 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.cat
[2011/12/24 17:15:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/12/24 17:15:52 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.inf
[2011/12/24 17:15:51 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/12/24 17:15:51 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/12/24 17:15:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/12/24 14:13:52 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:52 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:54:25 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5y
[2011/12/24 13:54:25 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5yr
[2011/12/24 13:53:39 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/24 13:53:39 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\System Fix.lnk
[2011/12/24 13:53:32 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eFn9ptqHDiEQ5y
[2011/12/24 13:17:04 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 12:50:09 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelOr
[2011/12/24 12:49:57 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yiFlXPHKEBPelO
[2011/09/16 02:05:17 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 18:14:09 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3070_B611.dll
[2011/09/06 18:12:10 | 000,000,057 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/03/04 15:30:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\GeoEditAVIDll.dll
[2010/02/24 19:40:21 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 13:04:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 18:57:25 | 000,057,236 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/03 16:40:47 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/07/03 16:40:47 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/06/22 18:27:38 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/22 16:55:19 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2009/06/22 16:55:18 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009/06/09 09:32:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/09 09:14:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/06/09 08:58:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/01 14:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 14:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 13:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/10/24 10:12:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/10/24 10:10:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/10/24 10:10:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/10/24 10:10:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/10/24 10:10:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/10/24 10:10:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/10/24 10:10:32 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/10/24 10:10:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/10/24 10:10:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/10/24 10:10:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/10/24 10:10:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/10/24 10:10:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/10/24 10:10:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/10/24 10:09:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/10/24 10:08:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2006/10/24 10:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2006/10/24 10:08:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2006/10/11 11:17:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\sg50SDOApplication.dll
[2006/09/20 08:54:46 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2006/09/20 07:54:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2006/09/20 07:54:30 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2006/09/20 07:54:24 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2006/04/25 18:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 17:43:54 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 17:43:54 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 17:39:48 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 17:31:56 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 17:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/28 03:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/08 06:19:56 | 000,001,187 | -H-- | C] () -- C:\WINDOWS\Sageintl.ini
[2003/01/08 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 07:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 07:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 10:12:22 | 000,000,829 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 09:27:54 | 000,000,005 | --S- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1999/10/25 08:53:58 | 000,015,892 | -H-- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== LOP Check ==========

[2010/10/30 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/06 10:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/22 18:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/02/12 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/06/09 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/05 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/22 17:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011/04/28 06:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\alot
[2011/04/20 05:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\SampleView
[2011/02/12 09:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Trusteer
[2011/02/07 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\alot
[2011/04/18 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\SampleView
[2011/02/12 09:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\Trusteer
[2012/01/01 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/31 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/01/02 19:14:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/01/02 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4141A5AD-D72E-4BF7-B07F-6733C6D6CEA8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{866CDCA3-310D-435A-83E8-71E3389D5BA9}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A649F942-1D4B-405B-A117-7A7C057C18EE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AAC2D6EA-2FB9-42A6-8999-0EF445AB4E5A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/02/28 02:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >

Here is the Extras.tx

OTL Extras logfile created on: 04/01/2012 15:50:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.85% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 238.11 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3070 B611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3070 B611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}" = SpyHunter
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.0
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Help
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A325E12D-09FA-4FA3-813B-A4D456E77460}" = CMS
"{A70D6CCA-3298-4206-B42A-6FECBA595E71}" = Hector's World Safety Button
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4D56B7A-139B-41E7-89DA-98FCCF3F948D}" = Sage Accounts
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E51E24A4-B1E2-4B51-9217-F3FD6F4334D2}" = HP Deskjet 3070 B611 series Basic Device Software
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8D4143B-6DB7-4D9B-8B69-275606FDA269}" = HP Deskjet 3070 B611 series Product Improvement Study
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Employment Law 2828" = Employment Law 28
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{B4D56B7A-139B-41E7-89DA-98FCCF3F948D}" = Sage Accounts 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"Stylin' Studio_is1" = Stylin' Studio v1.0
"WebSTAR DPX2100 Uninstall" = Scientific Atlanta WebSTAR 2000 series Cable Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/01/2012 12:47:25 | Computer Name = HP40661939415 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23234

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23234

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129860

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129860

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 137704

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 137704

[ Application Events ]
Error - 02/01/2012 12:47:25 | Computer Name = HP40661939415 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23234

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23234

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129860

Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129860

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 137704

Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 137704

[ OSession Events ]
Error - 17/08/2009 16:33:24 | Computer Name = HP40661939415 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14180
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/12/2011 05:14:57 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 05:14:57 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 07:36:48 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 07:59:24 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 08:11:31 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 12:30:09 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 25/12/2011 13:39:21 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 01/01/2012 08:42:11 | Computer Name = HP40661939415 | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 02/01/2012 11:37:58 | Computer Name = HP40661939415 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR210\0000 disappeared from the system without
first being prepared for removal.

Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = PSched | ID = 14103
Description = QoS [Adapter {18D094A4-6E8F-428F-AFCA-2F0176FAA63A}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

And here is the aswMBR scan text

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 15:47:13
-----------------------------
15:47:13.265 OS Version: Windows 5.1.2600 Service Pack 3
15:47:13.265 Number of processors: 2 586 0x1706
15:47:13.265 ComputerName: HP40661939415 UserName: Mum and Dad
15:47:14.703 Initialize success
15:47:42.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:47:42.625 Disk 0 Vendor: WDC_WD3200AAJS-60M0A0 02.03E02 Size: 305245MB BusType: 3
15:47:42.640 Disk 0 MBR read successfully
15:47:42.640 Disk 0 MBR scan
15:47:42.640 Disk 0 unknown MBR code
15:47:42.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 288840 MB offset 63
15:47:42.656 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 16386 MB offset 591561495
15:47:42.671 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 625121280
15:47:42.671 Disk 0 scanning sectors +625142432
15:47:42.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:47:51.296 Service scanning
15:47:52.250 Modules scanning
15:47:59.265 Disk 0 trace - called modules:
15:47:59.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:47:59.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8b5ab8]
15:47:59.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a83cf18]
15:47:59.281 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a88a940]
15:47:59.281 Scan finished successfully
15:48:12.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat"
15:48:12.671 The log file has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\aswMBR.txt"


I really hope that's all OK - wasn't sure whether to just paste text or to save the .txt files and attach. Apologies if I chose the wrong way to do it! Thanks so much for your help and your guidance.

Nicola
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again - you have multiple infections so I will try and get them as close as I can in one go.. This will be a long fix .

Please read it carefully a few times and do one stage at a time. If at any stage you are unsure then shout. Save all the logs until the end

STEP 1

Re-run RogueKiller one more time with option 6 selected

STEP 2

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/24 13:54:25 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5y
    [2011/12/24 13:54:25 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5yr
    [2011/12/24 13:53:58 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eFn9ptqHDiEQ5y
    [2011/12/24 13:53:39 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/24 13:53:39 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\System Fix.lnk
    [2011/12/24 12:53:28 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yiFlXPHKEBPelO
    [2011/12/24 12:50:09 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelO
    [2011/12/24 12:50:09 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelOr

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

STEP 3

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks.
  • Also we will require the recovery console so please allow combofix to download and install that

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

STEP 4

I see that a repair to a TDL4 stealth infection has been made
But the partition is left
We will need to remove that using disc management
There is a guide with pictures here
The partition that you need to delete is this one

15:47:42.671 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 625121280

It's size is 10 MB this contains the malware files

Re-run aswMBR to confirm that the extra partition has gone
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Could you post the logs please and let me know the current situation
  • 0

#8
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, thank you so much for re-opening this log!

Here's the RKReport.txt

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mum and Dad [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/05/2012 15:52:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 19 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 21 / Fail 22
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk1\DP(1)0-0+5 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt


Here's the OTL Report

OTL logfile created on: 05/01/2012 16:10:16 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.22% Memory free
3.84 Gb Paging File | 3.07 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 242.52 Gb Free Space | 85.98% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/10 18:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/03/14 17:19:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 15:21:16 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/25 19:31:40 | 000,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/10 18:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/08 05:27:37 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/30 21:13:26 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3070_B611.dll
MOD - [2010/02/06 10:12:20 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/02/06 10:12:20 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0134021245689705mcinstcleanup) McAfee Application Installer Cleanup (0134021245689705)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 15:21:16 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/23 16:20:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120104.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/23 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/23 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/23 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.032\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/15 16:58:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/27 00:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/08 05:27:37 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 02:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/26 02:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/05/06 15:03:41 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 15:21:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 15:21:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 15:21:19 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 15:21:19 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 15:21:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:45:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/19 16:03:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/12/12 18:55:36 | 004,635,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/10 20:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/06 18:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/06 18:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/25 09:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/01/05 16:10:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\


O1 HOSTS File: ([2012/01/05 15:58:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20100825015613 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.go...7/uploader2.cab (UploadListView Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/26 07:13:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 15:58:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/04 15:36:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Desktop\RK_Quarantine
[2012/01/02 17:49:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/02 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Application Data\Malwarebytes
[2012/01/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 15:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 15:11:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/02 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder (2)
[2012/01/02 14:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder
[2011/12/26 07:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\SpyHunter
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/26 07:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/12/25 09:16:44 | 000,000,000 | ---D | C] -- C:\0d598755100b66f6538a1d718b0f
[2011/12/25 09:16:00 | 000,000,000 | ---D | C] -- C:\eed7361ef79b4f60c714275f74564d
[2011/12/24 17:15:55 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdi.sys
[2011/12/24 17:15:55 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/12/24 17:15:54 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/12/24 17:15:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.sys
[2011/12/24 17:15:54 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/12/24 17:15:53 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/12/24 17:15:52 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/12/24 17:15:52 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/12/24 17:15:51 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/12/24 17:15:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1302000.00A
[2011/12/24 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\NPE
[2011/12/24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\My Documents\Symantec
[2011/12/24 14:13:52 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/24 14:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/24 14:12:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mum and Dad\Recent
[2011/12/24 13:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\System Fix
[2011/12/24 13:26:41 | 000,000,000 | ---D | C] -- C:\8c863fcb97cbb0fb1b55d72fa8
[2011/12/24 13:26:33 | 000,000,000 | ---D | C] -- C:\322eba50b9d0be9874ffed
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/24 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 13:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 13:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/06/22 16:55:18 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys

========== Files - Modified Within 30 Days ==========

[2012/01/05 16:08:34 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 16:07:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 16:07:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 16:07:09 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 16:01:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/01/05 15:58:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/05 15:53:09 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 15:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 15:48:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/02 18:04:24 | 011,936,085 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/26 07:01:44 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/12/25 19:43:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 18:05:22 | 000,628,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/25 18:05:16 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 17:59:18 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 17:16:11 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:51 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/19 12:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:52:06 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 19:54:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/04 15:48:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:18:48 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/02 18:04:18 | 011,936,085 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/25 18:05:16 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 18:04:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/12/25 09:11:55 | 000,628,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/24 17:16:59 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 17:15:55 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/12/24 17:15:54 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/12/24 17:15:54 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/12/24 17:15:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/12/24 17:15:54 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/12/24 17:15:54 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/12/24 17:15:53 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/12/24 17:15:53 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.cat
[2011/12/24 17:15:53 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.inf
[2011/12/24 17:15:53 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.cat
[2011/12/24 17:15:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/12/24 17:15:52 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.inf
[2011/12/24 17:15:51 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/12/24 17:15:51 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/12/24 17:15:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/12/24 14:13:52 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:52 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:17:04 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/09/16 02:05:17 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 18:14:09 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3070_B611.dll
[2011/09/06 18:12:10 | 000,000,057 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/03/04 15:30:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\GeoEditAVIDll.dll
[2010/02/24 19:40:21 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 13:04:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 18:57:25 | 000,057,236 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/03 16:40:47 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/07/03 16:40:47 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/06/22 18:27:38 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/22 16:55:19 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2009/06/22 16:55:18 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009/06/09 09:32:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/09 09:14:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/06/09 08:58:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/01 14:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 14:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 13:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/10/24 10:12:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/10/24 10:10:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/10/24 10:10:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/10/24 10:10:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/10/24 10:10:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/10/24 10:10:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/10/24 10:10:32 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/10/24 10:10:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/10/24 10:10:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/10/24 10:10:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/10/24 10:10:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/10/24 10:10:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/10/24 10:10:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/10/24 10:09:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/10/24 10:08:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2006/10/24 10:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2006/10/24 10:08:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2006/10/11 11:17:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\sg50SDOApplication.dll
[2006/09/20 08:54:46 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2006/09/20 07:54:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2006/09/20 07:54:30 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2006/09/20 07:54:24 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2006/04/25 18:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 17:43:54 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 17:43:54 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 17:39:48 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 17:31:56 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 17:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/28 03:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/08 06:19:56 | 000,001,187 | -H-- | C] () -- C:\WINDOWS\Sageintl.ini
[2003/01/08 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 07:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 07:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 10:12:22 | 000,000,829 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 09:27:54 | 000,000,005 | --S- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1999/10/25 08:53:58 | 000,015,892 | -H-- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== LOP Check ==========

[2010/10/30 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/06 10:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/22 18:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/02/12 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/06/09 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/05 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/22 17:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/07 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\alot
[2011/04/18 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\SampleView
[2011/02/12 09:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\Trusteer

========== Purity Check ==========



< End of report >


I then ran the combofix. It gave a couple of messages - "rootkit is detected - please be patient". I left it running and after 15 mins came back and the screen was just showing my wall paper. I didn't know if this was usual so left it overnight - still no change. So I shut the pc down and rebooted. No otl.txt report was showing.

I haven't run the combofix again and I also didn't attempt the Step 4.

Thanks
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run combofix please and allow it to update,

Also I would like a fresh run with an updated aswMBR, so delete the current copy from your desktop

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#10
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, thanks for the reply and bearing with me!

Here's the aswMBR:-

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 18:06:24
-----------------------------
18:06:24.859 OS Version: Windows 5.1.2600 Service Pack 3
18:06:24.859 Number of processors: 2 586 0x1706
18:06:24.859 ComputerName: HP40661939415 UserName: Mum and Dad
18:06:26.218 Initialize success
18:14:31.187 AVAST engine defs: 12011200
18:15:33.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:15:33.125 Disk 0 Vendor: WDC_WD3200AAJS-60M0A0 02.03E02 Size: 305245MB BusType: 3
18:15:33.140 Disk 0 MBR read successfully
18:15:33.140 Disk 0 MBR scan
18:15:33.187 Disk 0 unknown MBR code
18:15:33.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 288840 MB offset 63
18:15:33.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 16386 MB offset 591561495
18:15:33.234 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 625121280
18:15:33.234 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
18:15:33.234 Disk 0 scanning sectors +625142432
18:15:33.296 Disk 0 scanning C:\WINDOWS\system32\drivers
18:15:43.296 Service scanning
18:15:44.187 Modules scanning
18:15:51.671 Disk 0 trace - called modules:
18:15:51.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:15:51.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8b8ab8]
18:15:51.718 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a8f0f18]
18:15:51.718 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a83d940]
18:15:52.343 AVAST engine scan C:\WINDOWS
18:16:02.859 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
18:16:06.312 AVAST engine scan C:\WINDOWS\system32
18:17:46.953 AVAST engine scan C:\WINDOWS\system32\drivers
18:18:04.656 AVAST engine scan C:\Documents and Settings\Mum and Dad
18:20:45.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat"
18:20:45.812 The log file has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\aswMBR.tx

I then ran the combofix again - started it at 1912hrs; at 1916hrs a message came up "Rootkit is detected. Be patient as this may take some moments". I didn't do anything just let it run but I kept checking it every five minutes and the clock didn't change from 1916hrs - so I guess it must have hung? I didn't want to shut it down just in case so basically left it on all night. But in the morning it was still saying the same message, the time was still 1916hrs and there was no combofix report. Both this time and last time I ran the Combofix I made sure Norton & Spyhunder were inactive and couldn't interfere with combofix.

Sorry that me and my pc are being such a pain and not cooperating!!

thanks

Nicola
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

18:15:33.234 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 625121280
18:15:33.234 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]

This is the problem, so we need to remove it

Following the directions on this page remove the 10MB partition from your computer

Reboot and then run a fresh OTL quick scan for me please. Also let me know what problems you are experiencing
  • 0

#12
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again

I've removed the 10mb partition and here's the report from the a fresh OTL quick scan. I've done a quick check on the computer and everything seems absolutely fine - all folders/pics/movies are there - I can connect to the internet - so don't appear to be experiencing any problems now at all. Norton is no longer detecting 'boot.tidserve' either!

OTL logfile created on: 14/01/2012 14:36:58 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.81% Memory free
3.84 Gb Paging File | 3.23 Gb Available in Paging File | 84.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 242.39 Gb Free Space | 85.93% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/10 18:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/25 19:31:40 | 000,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/10 18:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/08 05:27:37 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/30 21:13:26 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3070_B611.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0134021245689705mcinstcleanup) McAfee Application Installer Cleanup (0134021245689705)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/23 16:20:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120111.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/23 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120112.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/23 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/23 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120112.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/15 16:58:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/01 02:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/27 00:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/08 05:27:37 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 02:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/26 02:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/12/12 18:55:36 | 004,635,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/10 20:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/06 18:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/06 18:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/25 09:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/01/14 14:37:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\


O1 HOSTS File: ([2012/01/05 15:58:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20100825015613 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} http://ua.foto.com/ImageUploader6.cab (Uploader Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.go...7/uploader2.cab (UploadListView Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/26 07:13:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 19:12:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/12 18:05:47 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mum and Dad\Desktop\aswMBR.exe
[2012/01/05 16:36:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/05 16:33:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/05 16:33:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/05 16:33:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/05 16:33:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/05 16:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/05 16:23:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/05 16:22:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Administrative Tools
[2012/01/05 16:19:15 | 004,381,975 | R--- | C] (Swearware) -- C:\Documents and Settings\Mum and Dad\Desktop\ComboFix.exe
[2012/01/05 15:58:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/04 15:36:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Desktop\RK_Quarantine
[2012/01/02 17:49:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/02 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Application Data\Malwarebytes
[2012/01/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 15:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 15:11:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/02 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder (2)
[2012/01/02 14:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder
[2011/12/26 07:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\SpyHunter
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/26 07:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/12/25 09:16:44 | 000,000,000 | ---D | C] -- C:\0d598755100b66f6538a1d718b0f
[2011/12/25 09:16:00 | 000,000,000 | ---D | C] -- C:\eed7361ef79b4f60c714275f74564d
[2011/12/24 17:15:55 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdi.sys
[2011/12/24 17:15:55 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/12/24 17:15:54 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/12/24 17:15:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.sys
[2011/12/24 17:15:54 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/12/24 17:15:53 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/12/24 17:15:52 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/12/24 17:15:52 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/12/24 17:15:51 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/12/24 17:15:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1302000.00A
[2011/12/24 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\NPE
[2011/12/24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\My Documents\Symantec
[2011/12/24 14:13:52 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/24 14:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/24 14:12:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mum and Dad\Recent
[2011/12/24 13:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\System Fix
[2011/12/24 13:26:41 | 000,000,000 | ---D | C] -- C:\8c863fcb97cbb0fb1b55d72fa8
[2011/12/24 13:26:33 | 000,000,000 | ---D | C] -- C:\322eba50b9d0be9874ffed
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/24 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 13:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 13:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/06/22 16:55:18 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys

========== Files - Modified Within 30 Days ==========

[2012/01/14 14:36:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 14:36:12 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/14 14:35:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 14:35:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/14 14:35:20 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/13 16:01:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/01/12 18:23:20 | 004,381,975 | R--- | M] (Swearware) -- C:\Documents and Settings\Mum and Dad\Desktop\ComboFix.exe
[2012/01/12 18:20:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/12 18:05:47 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mum and Dad\Desktop\aswMBR.exe
[2012/01/05 16:36:58 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/01/05 15:58:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/05 15:53:09 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/02 18:04:24 | 011,936,085 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/26 07:01:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/25 19:43:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 18:05:22 | 000,628,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/25 18:05:16 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 17:59:18 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 17:16:11 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:51 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/19 12:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:52:06 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 19:54:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/01/12 18:20:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/05 16:36:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/05 16:36:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/05 16:33:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/05 16:33:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/05 16:33:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/05 16:33:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/05 16:33:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/04 15:18:48 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/02 18:04:18 | 011,936,085 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/25 18:05:16 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 18:04:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/12/25 09:11:55 | 000,628,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/24 17:16:59 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 17:15:55 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/12/24 17:15:54 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/12/24 17:15:54 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/12/24 17:15:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/12/24 17:15:54 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/12/24 17:15:54 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/12/24 17:15:53 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/12/24 17:15:53 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.cat
[2011/12/24 17:15:53 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.inf
[2011/12/24 17:15:53 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.cat
[2011/12/24 17:15:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/12/24 17:15:52 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.inf
[2011/12/24 17:15:51 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/12/24 17:15:51 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/12/24 17:15:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/12/24 14:13:52 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:52 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:17:04 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/09/16 02:05:17 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 18:14:09 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3070_B611.dll
[2011/09/06 18:12:10 | 000,000,057 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/03/04 15:30:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\GeoEditAVIDll.dll
[2010/02/24 19:40:21 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 13:04:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 18:57:25 | 000,057,236 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/03 16:40:47 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/07/03 16:40:47 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/06/22 18:27:38 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/22 16:55:19 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2009/06/22 16:55:18 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009/06/09 09:32:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/09 09:14:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/06/09 08:58:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/01 14:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 14:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 13:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/10/24 10:12:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/10/24 10:10:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/10/24 10:10:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/10/24 10:10:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/10/24 10:10:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/10/24 10:10:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/10/24 10:10:32 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/10/24 10:10:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/10/24 10:10:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/10/24 10:10:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/10/24 10:10:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/10/24 10:10:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/10/24 10:10:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/10/24 10:09:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/10/24 10:08:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2006/10/24 10:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2006/10/24 10:08:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2006/10/11 11:17:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\sg50SDOApplication.dll
[2006/09/20 08:54:46 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2006/09/20 07:54:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2006/09/20 07:54:30 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2006/09/20 07:54:24 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2006/04/25 18:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 17:43:54 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 17:43:54 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 17:39:48 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 17:31:56 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 17:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/28 03:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/08 06:19:56 | 000,001,187 | -H-- | C] () -- C:\WINDOWS\Sageintl.ini
[2003/01/08 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 07:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 07:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 10:12:22 | 000,000,829 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 09:27:54 | 000,000,005 | --S- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1999/10/25 08:53:58 | 000,015,892 | -H-- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== LOP Check ==========

[2012/01/05 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/22 18:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/02/12 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/06/09 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/05 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/22 17:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/07 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\alot
[2011/04/18 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\SampleView
[2011/02/12 09:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\Trusteer

========== Purity Check ==========



< End of report >
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#14
twonics

twonics

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you sooooo much! Sending many virtual thanks from all my family (my 2 x kids and husband who have all been absolutely at a loss without their pc). You have been an absolute star - I really can't thank you enough. It is a really wonderful thing that you do. So thank you again for your time, commitment and patience. My children are unbelievably grateful to have the computer back - bbc iplayer here they come!!! I've done everything you've suggested to keep the pc protected. THANK YOU, THANK YOU, THANK YOU!!!!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Glad to be of assistance. Your thanks have made my day

Keep safe now :wave:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP