Hi again - here is the OLT.txt
TL logfile created on: 04/01/2012 15:50:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.85% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 238.11 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT
Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/01/04 15:47:10 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mum and Dad\Local Settings\Temporary Internet Files\Content.IE5\H7L19BA5\aswMBR[1].exe
PRC - [2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/10 18:30:48 | 004,712,864 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/03/14 17:19:01 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 15:21:16 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/25 19:31:40 | 000,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ========== MOD - [2011/10/10 18:15:08 | 000,936,960 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/08 05:27:37 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/03/30 21:13:26 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3070_B611.dll
MOD - [2010/02/06 10:12:20 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/02/06 10:12:20 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (0134021245689705mcinstcleanup) McAfee Application Installer Cleanup (0134021245689705)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/10 18:30:40 | 000,736,672 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/26 09:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 17:19:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 15:21:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 15:21:16 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 18:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 02:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ========== DRV - [2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/23 16:20:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/23 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/23 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/23 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120104.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/15 16:58:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/09/27 00:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/08 05:27:37 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 02:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/26 02:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/05/06 15:03:41 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 15:21:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 15:21:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 15:21:19 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 15:21:19 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 15:21:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:45:36 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/19 16:03:14 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/06 10:12:19 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2007/12/12 18:55:36 | 004,635,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/10 20:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.comIE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.comIE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.com IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/06 18:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/06 18:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/25 09:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/01/04 14:50:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\
O1 HOSTS File: ([2011/12/26 07:13:51 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-972761830-1654638085-4244541630-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D}
http://assets.photob...?20100825015613 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2}
http://bq.kp.2020.ne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0}
http://ua.foto.com/ImageUploader6.cab (Uploader Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68}
https://picasaweb.go...7/uploader2.cab (UploadListView Class)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E}
https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/26 07:13:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | --S- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/01/04 15:36:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Desktop\RK_Quarantine
[2012/01/02 17:49:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/02 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Application Data\Malwarebytes
[2012/01/02 15:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 15:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 15:11:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/02 15:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 14:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder (2)
[2012/01/02 14:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\New Folder
[2011/12/26 07:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\SpyHunter
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/26 07:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/26 07:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/12/25 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/12/25 18:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/12/25 09:16:44 | 000,000,000 | ---D | C] -- C:\0d598755100b66f6538a1d718b0f
[2011/12/25 09:16:00 | 000,000,000 | ---D | C] -- C:\eed7361ef79b4f60c714275f74564d
[2011/12/24 17:15:55 | 000,387,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdi.sys
[2011/12/24 17:15:55 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/12/24 17:15:54 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/12/24 17:15:54 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.sys
[2011/12/24 17:15:54 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/12/24 17:15:53 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/12/24 17:15:52 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/12/24 17:15:52 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/12/24 17:15:51 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/12/24 17:15:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1302000.00A
[2011/12/24 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\NPE
[2011/12/24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\My Documents\Symantec
[2011/12/24 14:13:52 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/24 14:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/24 14:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/24 14:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/24 14:12:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mum and Dad\Recent
[2011/12/24 13:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\System Fix
[2011/12/24 13:26:41 | 000,000,000 | ---D | C] -- C:\8c863fcb97cbb0fb1b55d72fa8
[2011/12/24 13:26:33 | 000,000,000 | ---D | C] -- C:\322eba50b9d0be9874ffed
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/24 13:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/24 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 13:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/24 13:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/06/22 16:55:18 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/01/04 15:48:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:36:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mum and Dad\Desktop\OTL.exe
[2012/01/04 15:36:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 15:21:15 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/04 15:01:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/01/04 14:49:06 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 14:47:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 14:47:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 14:47:10 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 19:14:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/02 18:04:24 | 011,936,085 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/01/01 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/31 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 07:13:51 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/26 07:01:44 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/12/25 19:43:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 18:05:22 | 000,628,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/25 18:05:16 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 17:59:18 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 17:16:11 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 14:13:51 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/24 14:13:51 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/24 14:13:51 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:51 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:54:25 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5y
[2011/12/24 13:54:25 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5yr
[2011/12/24 13:53:58 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eFn9ptqHDiEQ5y
[2011/12/24 13:53:39 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/24 13:53:39 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Mum and Dad\Desktop\System Fix.lnk
[2011/12/24 12:53:28 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelOr
[2011/12/19 12:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/16 15:52:06 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 19:54:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/01/04 15:48:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat
[2012/01/04 15:18:48 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/02 18:04:18 | 011,936,085 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\My Documents\Unresolved Security Risks.mcf
[2012/01/02 15:11:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/26 07:13:51 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/26 07:13:22 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\SpyHunter.lnk
[2011/12/25 18:05:16 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/12/25 18:04:23 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
[2011/12/25 09:11:55 | 000,628,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/24 17:16:59 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/24 17:15:55 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/12/24 17:15:54 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/12/24 17:15:54 | 000,007,498 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/12/24 17:15:54 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/12/24 17:15:54 | 000,003,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/12/24 17:15:54 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/12/24 17:15:53 | 000,007,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/12/24 17:15:53 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.cat
[2011/12/24 17:15:53 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symds.inf
[2011/12/24 17:15:53 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/12/24 17:15:52 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.cat
[2011/12/24 17:15:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/12/24 17:15:52 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\iron.inf
[2011/12/24 17:15:51 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/12/24 17:15:51 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/12/24 17:15:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/12/24 14:13:52 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/24 14:13:52 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/24 14:13:44 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/24 13:54:25 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5y
[2011/12/24 13:54:25 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eFn9ptqHDiEQ5yr
[2011/12/24 13:53:39 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/24 13:53:39 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\System Fix.lnk
[2011/12/24 13:53:32 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eFn9ptqHDiEQ5y
[2011/12/24 13:17:04 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Mum and Dad\Desktop\Norton Installation Files.lnk
[2011/12/24 12:50:09 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelO
[2011/12/24 12:50:09 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~yiFlXPHKEBPelOr
[2011/12/24 12:49:57 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yiFlXPHKEBPelO
[2011/09/16 02:05:17 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 18:14:09 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3070_B611.dll
[2011/09/06 18:12:10 | 000,000,057 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/03/04 15:30:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\GeoEditAVIDll.dll
[2010/02/24 19:40:21 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 13:04:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 18:57:25 | 000,057,236 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/03 16:40:47 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009/07/03 16:40:47 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/06/22 18:27:38 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/22 16:55:19 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2009/06/22 16:55:18 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2K.exe
[2009/06/09 09:32:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/09 09:14:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/06/09 08:58:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/01 14:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 14:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 13:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/10/24 10:12:06 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/10/24 10:10:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2006/10/24 10:10:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2006/10/24 10:10:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2006/10/24 10:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2006/10/24 10:10:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2006/10/24 10:10:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2006/10/24 10:10:32 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2006/10/24 10:10:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2006/10/24 10:10:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2006/10/24 10:10:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2006/10/24 10:10:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2006/10/24 10:10:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2006/10/24 10:10:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2006/10/24 10:09:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2006/10/24 10:08:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2006/10/24 10:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2006/10/24 10:08:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2006/10/11 11:17:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\sg50SDOApplication.dll
[2006/09/20 08:54:46 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2006/09/20 07:54:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2006/09/20 07:54:30 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2006/09/20 07:54:24 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2006/04/25 18:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 17:43:54 | 000,492,132 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 17:43:54 | 000,090,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 17:39:48 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 17:31:56 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 17:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/28 03:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 03:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/08 06:19:56 | 000,001,187 | -H-- | C] () -- C:\WINDOWS\Sageintl.ini
[2003/01/08 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 07:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 07:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 10:12:22 | 000,000,829 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 09:27:54 | 000,000,005 | --S- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1999/10/25 08:53:58 | 000,015,892 | -H-- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/25 23:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
========== LOP Check ========== [2010/10/30 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/06 10:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/22 18:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 18:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/02/12 09:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/06/09 09:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/05/05 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 14:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/22 17:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2011/04/28 06:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\alot
[2011/04/20 05:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\SampleView
[2011/02/12 09:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\Trusteer
[2011/02/07 15:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\alot
[2011/04/18 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\AVG9
[2010/02/24 19:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\FUJIFILM
[2009/06/09 09:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\SampleView
[2011/02/12 09:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum and Dad\Application Data\Trusteer
[2012/01/01 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/31 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/01/02 19:14:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/01/02 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >[2006/02/28 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2006/02/28 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{18D094A4-6E8F-428F-AFCA-2F0176FAA63A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4141A5AD-D72E-4BF7-B07F-6733C6D6CEA8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{866CDCA3-310D-435A-83E8-71E3389D5BA9}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A649F942-1D4B-405B-A117-7A7C057C18EE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AAC2D6EA-2FB9-42A6-8999-0EF445AB4E5A}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/02/28 02:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
< C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < >< End of report >
Here is the Extras.tx
OTL Extras logfile created on: 04/01/2012 15:50:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mum and Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.85% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 282.07 Gb Total Space | 238.11 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive D: | 16.00 Gb Total Space | 11.72 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive F: | 489.84 Mb Total Space | 488.00 Mb Free Space | 99.62% Space Free | Partition Type: FAT
Computer Name: HP40661939415 | User Name: Mum and Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3070 B611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3070 B611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}" = SpyHunter
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.0
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Help
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A325E12D-09FA-4FA3-813B-A4D456E77460}" = CMS
"{A70D6CCA-3298-4206-B42A-6FECBA595E71}" = Hector's World Safety Button
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4D56B7A-139B-41E7-89DA-98FCCF3F948D}" = Sage Accounts
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E51E24A4-B1E2-4B51-9217-F3FD6F4334D2}" = HP Deskjet 3070 B611 series Basic Device Software
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8D4143B-6DB7-4D9B-8B69-275606FDA269}" = HP Deskjet 3070 B611 series Product Improvement Study
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Employment Law 2828" = Employment Law 28
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{B4D56B7A-139B-41E7-89DA-98FCCF3F948D}" = Sage Accounts 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"Stylin' Studio_is1" = Stylin' Studio v1.0
"WebSTAR DPX2100 Uninstall" = Scientific Atlanta WebSTAR 2000 series Cable Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 02/01/2012 12:47:25 | Computer Name = HP40661939415 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23234
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23234
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129860
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129860
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 137704
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 137704
[ Application Events ]
Error - 02/01/2012 12:47:25 | Computer Name = HP40661939415 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23234
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23234
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 129860
Error - 03/01/2012 13:40:31 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 129860
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 137704
Error - 03/01/2012 13:40:39 | Computer Name = HP40661939415 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 137704
[ OSession Events ]
Error - 17/08/2009 16:33:24 | Computer Name = HP40661939415 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14180
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 25/12/2011 05:14:57 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 05:14:57 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 07:36:48 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 07:59:24 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 08:11:31 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 12:30:09 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 25/12/2011 13:39:21 | Computer Name = HP40661939415 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 01/01/2012 08:42:11 | Computer Name = HP40661939415 | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.
Error - 02/01/2012 11:37:58 | Computer Name = HP40661939415 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR210\0000 disappeared from the system without
first being prepared for removal.
Error - 03/01/2012 13:22:46 | Computer Name = HP40661939415 | Source = PSched | ID = 14103
Description = QoS [Adapter {18D094A4-6E8F-428F-AFCA-2F0176FAA63A}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.
< End of report >
And here is the aswMBR scan text
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 15:47:13
-----------------------------
15:47:13.265 OS Version: Windows 5.1.2600 Service Pack 3
15:47:13.265 Number of processors: 2 586 0x1706
15:47:13.265 ComputerName: HP40661939415 UserName: Mum and Dad
15:47:14.703 Initialize success
15:47:42.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:47:42.625 Disk 0 Vendor: WDC_WD3200AAJS-60M0A0 02.03E02 Size: 305245MB BusType: 3
15:47:42.640 Disk 0 MBR read successfully
15:47:42.640 Disk 0 MBR scan
15:47:42.640 Disk 0 unknown MBR code
15:47:42.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 288840 MB offset 63
15:47:42.656 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 16386 MB offset 591561495
15:47:42.671 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 625121280
15:47:42.671 Disk 0 scanning sectors +625142432
15:47:42.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:47:51.296 Service scanning
15:47:52.250 Modules scanning
15:47:59.265 Disk 0 trace - called modules:
15:47:59.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:47:59.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8b5ab8]
15:47:59.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a83cf18]
15:47:59.281 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a88a940]
15:47:59.281 Scan finished successfully
15:48:12.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\MBR.dat"
15:48:12.671 The log file has been saved successfully to "C:\Documents and Settings\Mum and Dad\Desktop\aswMBR.txt"
I really hope that's all OK - wasn't sure whether to just paste text or to save the .txt files and attach. Apologies if I chose the wrong way to do it! Thanks so much for your help and your guidance.
Nicola