Trojan horse hider, win32 lebag win32 heur I'm riddled HELP

  • This topic is locked

#1
nobbyburton

  • Member
  • 173 posts
Have posted on other forums but unsure why I've had no help yet over 3 days now

Really desperate please help

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
If you are not being helped elsewhere then:

Tell me what the problem is and the symptoms that you are experiencing

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    Drives
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.1mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply


#3
nobbyburton

  • Topic Starter
Apologies am trying to post reply from infected pc but IE crashing a lot on iPad so will try to get OTL log on soon, as have got the app

#4
Essexboy

Are you having problems getting the system to start?

#5
nobbyburton

No, IE crashing a little when trying to copy logs, both now done, so nearly there, thanks for helping btw

#6
nobbyburton

OTL logfile created on: 09/03/2012 21:32:13 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = H:\Documents and Settings\Andy & Joanna\My Documents\Torrents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.83% Memory free
2.85 Gb Paging File | 2.27 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): H:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive E: | 983.72 Mb Total Space | 471.98 Mb Free Space | 47.98% Space Free | Partition Type: FAT
Drive F: | 970.63 Mb Total Space | 699.63 Mb Free Space | 72.08% Space Free | Partition Type: FAT
Drive H: | 232.88 Gb Total Space | 11.50 Gb Free Space | 4.94% Space Free | Partition Type: NTFS
Drive J: | 1396.91 Gb Total Space | 1263.71 Gb Free Space | 90.47% Space Free | Partition Type: FAT32

Computer Name: ANDY-38AF1A8D42 | User Name: Andy & Joanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 22:54:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Andy & Joanna\My Documents\Torrents\OTL.exe
PRC - [2012/02/14 23:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/16 21:03:46 | 000,939,872 | ---- | M] () -- H:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/15 16:00:46 | 000,204,800 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/03/15 15:33:52 | 000,180,224 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010/03/15 15:32:38 | 000,991,232 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- H:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/01/28 07:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2007/11/01 13:25:40 | 002,165,256 | ---- | M] (Xpertvision, Inc.) -- H:\Program Files\XpertVision\TBPANEL.exe
PRC - [2006/10/13 17:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\vVX3000.exe
PRC - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/12/02 18:23:34 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2012/01/16 21:03:46 | 000,939,872 | ---- | M] () -- H:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/13 01:29:16 | 000,401,408 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSMgrSDK.dll
MOD - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
MOD - [2010/03/13 01:26:50 | 000,528,384 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSMgrSDK.EN
MOD - [2010/03/13 01:26:50 | 000,212,992 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSUtilSDK.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- H:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/02/16 17:40:42 | 005,623,808 | ---- | M] () -- H:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 17:40:40 | 001,568,768 | ---- | M] () -- H:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- H:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () [Auto | Running] -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- H:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/27 12:43:48 | 000,712,704 | ---- | M] (Nokia) [On_Demand | Stopped] -- H:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () [Auto | Running] -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- H:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/01/28 07:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/12/30 19:42:34 | 000,724,992 | ---- | M] () [Auto | Stopped] -- H:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/09 19:57:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/30 22:59:02 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- H:\Program Files\Clarus\Samsung SecretZone\mvd20.sys -- (mvd20)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/21 13:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- H:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- H:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006/10/13 17:04:30 | 001,966,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/05/01 12:50:40 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex)
DRV - [2006/05/01 12:49:50 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)
DRV - [2006/05/01 12:49:00 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm)
DRV - [2006/05/01 12:48:56 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl)
DRV - [2006/05/01 12:48:04 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus) Sony Ericsson Device 038 Driver driver (WDM)
DRV - [2006/05/01 12:47:30 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
DRV - [2006/05/01 12:47:24 | 000,090,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)
DRV - [2006/03/14 03:23:26 | 000,082,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/02/20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2006/01/19 02:01:00 | 000,017,280 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2005/08/11 05:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/02/11 21:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/08 22:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/09/09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.c...pur/All Sources
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GZAZ_enGB259
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-16 09:13:45&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: H:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: H:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: H:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B73DC3E6-5AA7-4F69-A6DA-F8F00F7AEE36}: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\{B73DC3E6-5AA7-4F69-A6DA-F8F00F7AEE36} [2010/07/19 17:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 22:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: H:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/16 21:04:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: H:\Program Files\PriceGong\2.1.0\FF [2010/05/11 21:13:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = H:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = H:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Disabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: NPCIG.dll (Enabled) = H:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = H:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = H:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2010/07/20 21:00:35 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - H:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - H:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Gainward] H:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] H:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] H:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] H:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] H:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] H:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VX3000] H:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKU\S-1-5-18..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = H:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Dropbox.lnk = H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..Trusted Domains: nhs.uk ([www.togethertwecan] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199526417500 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://services.soft...geUploader7.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 90.207.238.97 90.207.238.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EFCB436-CE30-4096-96DC-190682815772}: DhcpNameServer = 90.207.238.97 90.207.238.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF4B3AC5-15D4-4328-9E55-47F62CFD92A1}: NameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - H:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (H:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - H:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe) - H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O24 - Desktop WallPaper: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/17 18:21:18 | 000,000,034 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell\AutoRun\command - "" = K:\laucher.exe
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell\AutoRun\command - "" = L:\SafeStick.exe
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell\AutoRun\command - "" = J:\SafeStick.exe
O33 - MountPoints2\{e2a00ee0-bb7d-11dc-9b70-001d6030268b}\Shell\AutoRun\command - "" = J:\Blackwell.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 21:20:51 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\CyberLink PowerDVD
[2012/03/09 20:41:59 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Google
[2012/03/09 20:41:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2012/03/09 20:41:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/09 20:41:15 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/07 23:31:27 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Wise Installation Wizard
[2012/03/07 19:49:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 21:36:30 | 000,000,558 | ---- | M] () -- H:\WINDOWS\DFC.INI
[2012/03/09 21:25:07 | 000,445,144 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012/03/09 21:25:06 | 000,072,910 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012/03/09 21:21:56 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012/03/09 21:21:28 | 000,098,368 | -H-- | M] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
[2012/03/09 21:20:13 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\cRrO623
[2012/03/09 21:20:05 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 21:20:03 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\a2JGu23
[2012/03/09 21:19:54 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012/03/09 21:02:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 21:01:00 | 000,000,250 | ---- | M] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 20:22:10 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\fpoBLU3
[2012/03/09 19:57:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/09 19:26:41 | 000,002,187 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/08 22:39:55 | 000,277,352 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/08 22:06:36 | 000,001,813 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/07 22:27:10 | 000,000,784 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 19:46:39 | 091,023,286 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/05 20:32:36 | 000,032,256 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 20:15:01 | 000,000,069 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini
[2012/02/23 18:40:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/17 18:08:56 | 000,000,458 | ---- | M] () -- H:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/02/17 17:01:53 | 000,318,675 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/16 22:40:15 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2012/02/16 19:55:28 | 000,001,052 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/16 19:55:28 | 000,001,052 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Desktop\Dropbox.lnk
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/09 21:20:13 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\cRrO623
[2012/03/09 20:40:00 | 000,098,368 | -H-- | C] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
[2012/03/09 20:39:20 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\a2JGu23
[2012/03/09 20:22:10 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\fpoBLU3
[2012/03/07 22:27:10 | 000,000,784 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 19:55:09 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2012/02/16 19:55:09 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\dllcache\iacenc.dll
[2011/08/07 12:25:11 | 000,000,020 | ---- | C] () -- H:\WINDOWS\System32\MSWYXTND.DLL
[2010/08/16 18:32:27 | 000,590,816 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 21:28:39 | 000,000,186 | ---- | C] () -- H:\WINDOWS\System32\MRT.INI
[2010/07/19 22:23:29 | 000,000,000 | ---- | C] () -- H:\WINDOWS\Ijoguko.bin
[2010/07/19 20:20:28 | 000,000,120 | ---- | C] () -- H:\WINDOWS\Sqese.dat
[2010/03/12 17:01:09 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- H:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/02/28 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- H:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >


========== Drive Information ==========
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Drive: \\\\.\\PHYSICALDRIVE1 -
Drive: \\\\.\\PHYSICALDRIVE2 -
Drive: \\\\.\\PHYSICALDRIVE3 - Removable media other than\tfloppy
Drive: \\\\.\\PHYSICALDRIVE4 -
Drive: \\\\.\\PHYSICALDRIVE5 - Fixed\thard disk media
Drive: \\\\.\\PHYSICALDRIVE6 - Removable media other than\tfloppy

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #6, Partition #0
PartitionType: Win95 w/Extended Int 13
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 16384
Hidden sectors: 0

DeviceID: Disk #3, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 127488
Hidden sectors: 0

DeviceID: Disk #5, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32768
Hidden sectors: 0


< End of report >

OTL Extras logfile created on: 09/03/2012 21:32:13 - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = H:\Documents and Settings\Andy & Joanna\My Documents\Torrents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.83% Memory free
2.85 Gb Paging File | 2.27 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): H:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive E: | 983.72 Mb Total Space | 471.98 Mb Free Space | 47.98% Space Free | Partition Type: FAT
Drive F: | 970.63 Mb Total Space | 699.63 Mb Free Space | 72.08% Space Free | Partition Type: FAT
Drive H: | 232.88 Gb Total Space | 11.50 Gb Free Space | 4.94% Space Free | Partition Type: NTFS
Drive J: | 1396.91 Gb Total Space | 1263.71 Gb Free Space | 90.47% Space Free | Partition Type: FAT32

Computer Name: ANDY-38AF1A8D42 | User Name: Andy & Joanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "H:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft LifeCam\LifeExp.exe" = H:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"H:\Program Files\Microsoft LifeCam\LifeCam.exe" = H:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"H:\Program Files\uTorrent\uTorrent.exe" = H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Documents and Settings\Andy & Joanna\Application Data\U3\00001626737200E1\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = H:\Documents and Settings\Andy & Joanna\Application Data\U3\00001626737200E1\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype
"H:\Program Files\TeamViewer\Version4\TeamViewer.exe" = H:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"H:\Documents and Settings\Andy & Joanna\temp\TeamViewer\Version4\TeamViewer.exe" = H:\Documents and Settings\Andy & Joanna\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"H:\Program Files\AVG\AVG8\avgupd.exe" = H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"H:\Program Files\AVG\AVG8\avgnsx.exe" = H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"H:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = H:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"H:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = H:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"H:\Program Files\Skype\Plugin Manager\skypePM.exe" = H:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe" = H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"H:\Program Files\AVG\AVG10\avgdiagex.exe" = H:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG10\avgnsx.exe" = H:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG10\avgemcx.exe" = H:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCAEDF-4853-437F-8B62-9C3B1267E9A4}" = AVG 2011
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F61DD673-0030-4BB2-A382-7E57E97F1033}" = Nero 7 Essentials
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"0222-0618-0114-4896" = Review Manager 5.1.2
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"[email protected] File Recovery 7.3" = [email protected] File Recovery 7.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"alotToolbar" = ALOT Toolbar
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Championship Manager 01-02" = Championship Manager 01-02
"CloneDVD2" = CloneDVD2
"coverXP" = coverXP (remove only)
"Creative Jukebox Driver" = Creative Jukebox Driver
"CSCLIB" = Canon Camera Support Core Library
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 3.16.3.29
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.6.0.21
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 3.16
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard)
"MP3MyMP3_is1" = MP3MyMP3 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PriceGong" = PriceGong 2.1.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SysInfo" = Creative System Information
"TeamViewer 4" = TeamViewer 4
"TVersity Codec Pack" = TVersity Codec Pack 1.1
"TVersity Media Server " = TVersity Media Server 0.9.11.4 beta
"uTorrent" = µTorrent
"Videora iPad Converter" = Videora iPad Converter 6
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xilisoft Audio Maker" = Xilisoft Audio Maker
"XpertVision_is1" = XpertVision 5.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.01
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22BBE99C-4A0D-4EB4-A139-14CFD848C0F8}_is1" = Bonusprint
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/03/2012 18:30:55 | Computer Name = ANDY-38AF1A8D42 | Source = Application Error | ID = 1000
Description = Faulting application cleanmgr.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x20026c5b.

Error - 07/03/2012 18:30:59 | Computer Name = ANDY-38AF1A8D42 | Source = Application Error | ID = 1000
Description = Faulting application cleanmgr.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x20026c5b.

Error - 09/03/2012 15:54:09 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2012 16:03:17 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2012 16:06:09 | Computer Name = ANDY-38AF1A8D42 | Source = MDM | ID = 4101
Description = An error occurred while the debugger attempted to correct its registry.

Error - 09/03/2012 16:39:25 | Computer Name = ANDY-38AF1A8D42 | Source = MDM | ID = 4101
Description = An error occurred while the debugger attempted to correct its registry.

Error - 09/03/2012 16:43:16 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2012 17:20:09 | Computer Name = ANDY-38AF1A8D42 | Source = MDM | ID = 4101
Description = An error occurred while the debugger attempted to correct its registry.

Error - 09/03/2012 17:29:58 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2012 17:32:10 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 12/05/2010 15:18:12 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 311
seconds with 60 seconds of active time. This session ended with a crash.

Error - 24/05/2010 07:10:08 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7841
seconds with 240 seconds of active time. This session ended with a crash.

Error - 29/05/2010 07:32:09 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1089
seconds with 240 seconds of active time. This session ended with a crash.

Error - 14/06/2010 15:36:26 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72
seconds with 60 seconds of active time. This session ended with a crash.

Error - 15/06/2010 17:15:20 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/07/2010 17:24:53 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 174
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/08/2010 17:56:52 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 90 seconds with 60 seconds of active time. This session ended with a crash.

Error - 05/09/2010 05:45:53 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 687
seconds with 180 seconds of active time. This session ended with a crash.

Error - 06/09/2010 14:56:37 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 30185
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 03/08/2011 14:21:25 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Virtual Disk Service Manager service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater service terminated unexpectedly. It has done
this 1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The TeamViewer 4 service terminated unexpectedly. It has done this
1 time(s).

Error - 09/03/2012 16:59:59 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 21:44:24
-----------------------------
21:44:24.953 OS Version: Windows 5.1.2600 Service Pack 3
21:44:24.953 Number of processors: 2 586 0xF0D
21:44:24.953 ComputerName: ANDY-38AF1A8D42 UserName: Andy & Joanna
21:44:26.500 Initialize success
21:44:49.531 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
21:44:49.531 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
21:44:49.531 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS ba399f26
21:44:49.546 Disk 1 MBR read successfully
21:44:49.546 Disk 1 MBR scan
21:44:49.546 Disk 1 Windows XP default MBR code
21:44:49.546 Disk 1 MBR hidden
21:44:49.546 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
21:44:49.578 Disk 1 scanning H:\WINDOWS\system32\drivers
21:44:54.890 Service scanning
21:45:11.640 Modules scanning
21:45:19.812 Disk 1 trace - called modules:
21:45:19.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
21:45:19.812 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8a24aab8]
21:45:19.812 Scan finished successfully
21:51:47.359 Disk 1 MBR has been saved successfully to "E:\MBR.dat"
21:51:47.359 The log file has been saved successfully to "E:\aswMBR.txt"


all the logs
  • 0

#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then, let's try to stabilise the system first

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
    O4 - HKU\S-1-5-18..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
    O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
    O20 - HKLM Winlogon: UserInit - (H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe) - H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
    [2012/03/07 19:49:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb
    [2012/03/09 21:21:28 | 000,098,368 | -H-- | M] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
    [2012/03/09 21:20:13 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\cRrO623
    [2012/03/09 21:20:03 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\a2JGu23
    [2012/03/09 20:22:10 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\fpoBLU3
    [2012/03/09 21:20:13 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\cRrO623
    [2012/03/09 20:40:00 | 000,098,368 | -H-- | C] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
    [2012/03/09 20:39:20 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\a2JGu23
    [2012/03/09 20:22:10 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\fpoBLU3
    [2010/07/19 22:23:29 | 000,000,000 | ---- | C] () -- H:\WINDOWS\Ijoguko.bin
    [2010/07/19 20:20:28 | 000,000,120 | ---- | C] () -- H:\WINDOWS\Sqese.dat


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0
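The entries selected in the fix script of post #7 share a few traits that can be checked mechanically in an OTL log. The following is an added example, not part of the original thread and not OTL's own code: the rule names and heuristics are assumptions, and the sample lines are copied from post #7 apart from one constructed benign Run entry.

```python
import re
from collections import defaultdict

# Lines in OTL's log format, copied from the fix script in post #7, plus one
# constructed benign Run entry ("ExampleTray") for contrast.
SAMPLE_LOG = r"""
O4 - HKU\.DEFAULT..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKLM..\Run: [ExampleTray] H:\Program Files\Example\tray.exe (Example Corp)
O20 - HKLM Winlogon: UserInit - (H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe) - H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
[2012/03/09 21:21:28 | 000,098,368 | -H-- | M] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
[2012/03/09 21:20:13 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\cRrO623
[2012/03/09 21:20:03 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\a2JGu23
[2012/03/09 20:22:10 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\fpoBLU3
[2010/07/19 20:20:28 | 000,000,120 | ---- | C] () -- H:\WINDOWS\Sqese.dat
"""

# O4 rows are Run-key autostarts; a trailing "File not found" means the
# target no longer exists on disk.
AUTORUN = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<target>.+?)(?P<missing> File not found)?$')
# O20 UserInit row: the value in parentheses is what Winlogon launches at logon.
USERINIT = re.compile(r'^O20 - HKLM Winlogon: UserInit - \((?P<target>[^)]*)\)')
# File-listing row: [date time | size | attributes | C/M] (company) -- path
FILE_ROW = re.compile(
    r'^\[\d{4}/\d\d/\d\d [\d:]{8} \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) '
    r'\| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')

# Assumed heuristic: autostart targets inside a user profile's data folders
# (Windows XP layout, as on this machine) deserve a second look.
USER_WRITABLE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(?:Local Settings|Application Data)\\',
    re.I)
# The stock UserInit value ends in system32\userinit.exe, usually with a comma.
STOCK_USERINIT = re.compile(r'\\system32\\userinit\.exe,?$', re.I)


def triage(log_text):
    """Return a list of findings (tuples) for lines that match a heuristic."""
    findings = []
    hidden_by_size = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN.match(line)
        if m:
            if USER_WRITABLE.search(m['target']):
                findings.append(('autorun-in-profile', m['hive'], m['name'],
                                 bool(m['missing'])))
            continue
        m = USERINIT.match(line)
        if m:
            if not STOCK_USERINIT.search(m['target']):
                findings.append(('userinit-hijack', 'HKLM', m['target']))
            continue
        m = FILE_ROW.match(line)
        # Hidden, no company string, no extension: collect by size so that
        # identical-size copies under different names stand out. The same file
        # appears in both the created (C) and modified (M) lists, hence a set.
        if m and 'H' in m['attr'] and not m['company']:
            name = m['path'].rsplit('\\', 1)[-1]
            if '.' not in name:
                size = int(m['size'].replace(',', ''))
                hidden_by_size[size].add(m['path'])
    for size, paths in sorted(hidden_by_size.items()):
        if len(paths) >= 2:
            findings.append(('hidden-same-size', size, tuple(sorted(paths))))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from these rules is a prompt for review by someone who can read the full log, not a verdict; the fix script itself remains specific to this machine, as the warning in post #7 says.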

#8
nobbyburton


    Member

  • Topic Starter
  • Member
  • 173 posts
Cheers, running first fix now on pc, updating whilst on iPad is useful, cheers again
  • 0

#9
nobbyburton


    Member

  • Topic Starter
  • Member
  • 173 posts
[EMPTYTEMP]

User: All Users

User: Andy & Joanna
->Temp folder emptied: 52017085 bytes
->Temporary Internet Files folder emptied: 610735534 bytes
->Java cache emptied: 22407465 bytes
->Google Chrome cache emptied: 6025394 bytes
->Apple Safari cache emptied: 10272768 bytes
->Flash cache emptied: 2580777 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13147373 bytes
->Flash cache emptied: 562 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 461172128 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3311448 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57401350 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 290570720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 43396 bytes
RecycleBin emptied: 45864 bytes

Total Files Cleaned = 1,459.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.36.1 log created on 03092012_221657

Files\Folders moved on Reboot...
Folder move failed. H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb scheduled to be moved on reboot.
H:\Documents and Settings\Andy & Joanna\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder H:\Documents and Settings\Andy & Joanna\Local Settings\Temp\~DF64DD.tmp not found!
File\Folder H:\Documents and Settings\Andy & Joanna\Local Settings\Temp\~DF64F3.tmp not found!
H:\Documents and Settings\Andy & Joanna\Local Settings\Temporary Internet Files\Content.IE5\Z4K5FFDC\page__gopid__2130697[1].htm moved successfully.
H:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NMARQDFZ\dotnetfx35setup[1].exe moved successfully.

Registry entries deleted on Reboot...



22:31:44.0187 1876 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
22:31:45.0203 1876 ============================================================
22:31:45.0203 1876 Current date / time: 2012/03/09 22:31:45.0203
22:31:45.0203 1876 SystemInfo:
22:31:45.0203 1876
22:31:45.0203 1876 OS Version: 5.1.2600 ServicePack: 3.0
22:31:45.0203 1876 Product type: Workstation
22:31:45.0203 1876 ComputerName: ANDY-38AF1A8D42
22:31:45.0203 1876 UserName: Andy & Joanna
22:31:45.0203 1876 Windows directory: H:\WINDOWS
22:31:45.0203 1876 System windows directory: H:\WINDOWS
22:31:45.0203 1876 Processor architecture: Intel x86
22:31:45.0203 1876 Number of processors: 2
22:31:45.0203 1876 Page size: 0x1000
22:31:45.0203 1876 Boot type: Normal boot
22:31:45.0203 1876 ============================================================
22:31:47.0640 1876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:31:47.0640 1876 Drive \Device\Harddisk3\DR4 - Size: 0x3CB00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:31:47.0656 1876 Drive \Device\Harddisk5\DR6 - Size: 0x15D50F60000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:31:47.0656 1876 Drive \Device\Harddisk6\DR12 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:31:47.0656 1876 \Device\Harddisk0\DR0:
22:31:47.0656 1876 MBR used
22:31:47.0656 1876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
22:31:47.0656 1876 \Device\Harddisk3\DR4:
22:31:47.0656 1876 MBR used
22:31:47.0656 1876 \Device\Harddisk3\DR4\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E5707
22:31:47.0656 1876 \Device\Harddisk5\DR6:
22:31:47.0656 1876 MBR used
22:31:47.0656 1876 \Device\Harddisk5\DR6\Partition0: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0xAEA86701
22:31:47.0656 1876 \Device\Harddisk6\DR12:
22:31:47.0671 1876 MBR used
22:31:47.0671 1876 \Device\Harddisk6\DR12\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EBFE0
22:31:47.0687 1876 Initialize success
22:31:47.0687 1876 ============================================================
22:32:06.0640 3004 ============================================================
22:32:06.0640 3004 Scan started
22:32:06.0640 3004 Mode: Manual; SigCheck; TDLFS;
22:32:06.0640 3004 ============================================================
22:32:07.0671 3004 Abiosdsk - ok
22:32:07.0765 3004 abp480n5 - ok
22:32:07.0812 3004 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys
22:32:10.0171 3004 ACPI - ok
22:32:10.0250 3004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys
22:32:10.0406 3004 ACPIEC - ok
22:32:10.0453 3004 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) H:\WINDOWS\system32\drivers\ADIHdAud.sys
22:32:10.0515 3004 ADIHdAudAddService - ok
22:32:10.0546 3004 adpu160m - ok
22:32:10.0578 3004 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) H:\WINDOWS\system32\drivers\AEAudio.sys
22:32:10.0640 3004 AEAudioService - ok
22:32:10.0906 3004 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
22:32:11.0062 3004 aec - ok
22:32:11.0109 3004 AegisP (2f7f3e8da380325866e566f5d5ec23d5) H:\WINDOWS\system32\DRIVERS\AegisP.sys
22:32:11.0140 3004 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:32:11.0140 3004 AegisP - detected UnsignedFile.Multi.Generic (1)
22:32:11.0187 3004 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
22:32:11.0234 3004 AFD - ok
22:32:11.0421 3004 Aha154x - ok
22:32:11.0593 3004 aic78u2 - ok
22:32:11.0609 3004 aic78xx - ok
22:32:11.0640 3004 AliIde - ok
22:32:11.0656 3004 amsint - ok
22:32:11.0687 3004 asc - ok
22:32:11.0703 3004 asc3350p - ok
22:32:11.0718 3004 asc3550 - ok
22:32:11.0765 3004 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) H:\WINDOWS\system32\ASNDIS5.SYS
22:32:11.0796 3004 ASNDIS5 ( UnsignedFile.Multi.Generic ) - warning
22:32:11.0796 3004 ASNDIS5 - detected UnsignedFile.Multi.Generic (1)
22:32:11.0843 3004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:32:11.0984 3004 AsyncMac - ok
22:32:12.0234 3004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
22:32:12.0375 3004 atapi - ok
22:32:12.0406 3004 Atdisk - ok
22:32:12.0453 3004 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:32:12.0609 3004 Atmarpc - ok
22:32:12.0671 3004 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
22:32:12.0812 3004 audstub - ok
22:32:12.0937 3004 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) H:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:32:13.0796 3004 AVGIDSDriver - ok
22:32:13.0859 3004 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:32:13.0890 3004 AVGIDSEH - ok
22:32:14.0140 3004 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) H:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:32:14.0156 3004 AVGIDSFilter - ok
22:32:14.0203 3004 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) H:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:32:14.0203 3004 AVGIDSShim - ok
22:32:14.0281 3004 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) H:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:32:14.0312 3004 Avgldx86 - ok
22:32:14.0343 3004 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) H:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:32:14.0359 3004 Avgmfx86 - ok
22:32:14.0375 3004 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) H:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:32:14.0406 3004 Avgrkx86 - ok
22:32:14.0453 3004 Avgtdix (aaf0ebcad95f2164cffb544e00392498) H:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:32:14.0484 3004 Avgtdix - ok
22:32:14.0546 3004 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) H:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:32:14.0718 3004 BCM43XX - ok
22:32:14.0890 3004 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
22:32:15.0046 3004 Beep - ok
22:32:15.0093 3004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
22:32:15.0265 3004 cbidf2k - ok
22:32:15.0500 3004 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:32:15.0640 3004 CCDECODE - ok
22:32:15.0656 3004 cd20xrnt - ok
22:32:15.0718 3004 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
22:32:15.0859 3004 Cdaudio - ok
22:32:16.0093 3004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
22:32:16.0281 3004 Cdfs - ok
22:32:16.0359 3004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
22:32:16.0500 3004 Cdrom - ok
22:32:16.0515 3004 Changer - ok
22:32:16.0546 3004 CmdIde - ok
22:32:16.0593 3004 Cpqarray - ok
22:32:16.0781 3004 dac2w2k - ok
22:32:16.0875 3004 dac960nt - ok
22:32:16.0921 3004 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
22:32:17.0062 3004 Disk - ok
22:32:17.0109 3004 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys
22:32:17.0312 3004 dmboot - ok
22:32:17.0437 3004 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys
22:32:17.0593 3004 dmio - ok
22:32:17.0625 3004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
22:32:17.0765 3004 dmload - ok
22:32:18.0046 3004 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
22:32:18.0187 3004 DMusic - ok
22:32:18.0234 3004 dpti2o - ok
22:32:18.0281 3004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
22:32:18.0406 3004 drmkaud - ok
22:32:18.0453 3004 ElbyCDIO (e4788e5b3e5f0a0bbb318a9c426c2812) H:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:32:18.0468 3004 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
22:32:18.0468 3004 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
22:32:18.0500 3004 ElbyDelay (0b15894b0698abcac9f19d060119d1d0) H:\WINDOWS\system32\Drivers\ElbyDelay.sys
22:32:18.0578 3004 ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
22:32:18.0578 3004 ElbyDelay - detected UnsignedFile.Multi.Generic (1)
22:32:18.0828 3004 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
22:32:19.0000 3004 Fastfat - ok
22:32:19.0078 3004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\DRIVERS\fdc.sys
22:32:19.0218 3004 Fdc - ok
22:32:19.0453 3004 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys
22:32:19.0609 3004 Fips - ok
22:32:19.0656 3004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:32:19.0796 3004 Flpydisk - ok
22:32:19.0859 3004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
22:32:20.0000 3004 FltMgr - ok
22:32:20.0156 3004 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) H:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:32:20.0171 3004 fssfltr - ok
22:32:20.0234 3004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
22:32:20.0390 3004 Fs_Rec - ok
22:32:20.0453 3004 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:32:20.0609 3004 Ftdisk - ok
22:32:20.0671 3004 gameenum (065639773d8b03f33577f6cdaea21063) H:\WINDOWS\system32\DRIVERS\gameenum.sys
22:32:20.0812 3004 gameenum - ok
22:32:20.0859 3004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) H:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:32:20.0890 3004 GEARAspiWDM - ok
22:32:20.0937 3004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
22:32:21.0078 3004 Gpc - ok
22:32:21.0281 3004 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) H:\WINDOWS\system32\drivers\HdAudio.sys
22:32:21.0343 3004 HdAudAddService - ok
22:32:21.0390 3004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:32:21.0531 3004 HDAudBus - ok
22:32:21.0593 3004 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
22:32:21.0750 3004 HidUsb - ok
22:32:21.0875 3004 hpn - ok
22:32:21.0953 3004 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) H:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:32:22.0156 3004 HPZid412 - ok
22:32:22.0203 3004 HPZipr12 (89f41658929393487b6b7d13c8528ce3) H:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:32:22.0250 3004 HPZipr12 - ok
22:32:22.0500 3004 HPZius12 (abcb05ccdbf03000354b9553820e39f8) H:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:32:22.0562 3004 HPZius12 - ok
22:32:22.0625 3004 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
22:32:22.0671 3004 HTTP - ok
22:32:22.0703 3004 i2omgmt - ok
22:32:22.0734 3004 i2omp - ok
22:32:22.0781 3004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:32:22.0921 3004 i8042prt - ok
22:32:23.0171 3004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
22:32:23.0312 3004 Imapi - ok
22:32:23.0343 3004 ini910u - ok
22:32:23.0375 3004 IntelIde - ok
22:32:23.0421 3004 intelppm (8c953733d8f36eb2133f5bb58808b66b) H:\WINDOWS\system32\DRIVERS\intelppm.sys
22:32:23.0546 3004 intelppm - ok
22:32:23.0796 3004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
22:32:23.0937 3004 Ip6Fw - ok
22:32:24.0015 3004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:32:24.0156 3004 IpFilterDriver - ok
22:32:24.0234 3004 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
22:32:24.0375 3004 IpInIp - ok
22:32:24.0437 3004 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
22:32:24.0578 3004 IpNat - ok
22:32:24.0609 3004 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
22:32:24.0765 3004 IPSec - ok
22:32:24.0984 3004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
22:32:25.0125 3004 IRENUM - ok
22:32:25.0156 3004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys
22:32:25.0296 3004 isapnp - ok
22:32:25.0546 3004 ivusb (339dea550cc17283d6fd689ac7e67c57) H:\WINDOWS\system32\DRIVERS\ivusb.sys
22:32:25.0578 3004 ivusb - ok
22:32:25.0734 3004 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) H:\WINDOWS\system32\DRIVERS\ctpdusb.sys
22:32:25.0796 3004 Jukebox3 - ok
22:32:25.0843 3004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:32:26.0000 3004 Kbdclass - ok
22:32:26.0031 3004 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
22:32:26.0156 3004 kmixer - ok
22:32:26.0343 3004 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
22:32:26.0421 3004 KSecDD - ok
22:32:26.0453 3004 lbrtfdc - ok
22:32:26.0531 3004 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) H:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:32:26.0546 3004 MBAMSwissArmy - ok
22:32:26.0625 3004 mdf15 (7ad11a5b5ea3bb3093a24c85e653ce54) H:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
22:32:26.0656 3004 mdf15 ( UnsignedFile.Multi.Generic ) - warning
22:32:26.0656 3004 mdf15 - detected UnsignedFile.Multi.Generic (1)
22:32:26.0953 3004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
22:32:27.0109 3004 mnmdd - ok
22:32:27.0171 3004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys
22:32:27.0312 3004 Modem - ok
22:32:27.0359 3004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys
22:32:27.0515 3004 Mouclass - ok
22:32:27.0734 3004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys
22:32:27.0890 3004 mouhid - ok
22:32:27.0953 3004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
22:32:28.0078 3004 MountMgr - ok
22:32:28.0250 3004 mraid35x - ok
22:32:28.0453 3004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:32:28.0593 3004 MRxDAV - ok
22:32:28.0656 3004 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:32:28.0703 3004 MRxSmb - ok
22:32:28.0765 3004 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
22:32:28.0906 3004 Msfs - ok
22:32:29.0031 3004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
22:32:29.0187 3004 MSKSSRV - ok
22:32:29.0218 3004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:32:29.0343 3004 MSPCLOCK - ok
22:32:29.0375 3004 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
22:32:29.0515 3004 MSPQM - ok
22:32:29.0640 3004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:32:29.0765 3004 mssmbios - ok
22:32:29.0812 3004 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
22:32:29.0937 3004 MSTEE - ok
22:32:30.0015 3004 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) H:\WINDOWS\system32\drivers\msmpu401.sys
22:32:30.0171 3004 ms_mpu401 - ok
22:32:30.0234 3004 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) H:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:32:30.0281 3004 MTsensor - ok
22:32:30.0328 3004 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
22:32:30.0390 3004 Mup - ok
22:32:30.0468 3004 mvd20 (f4bf8ef15459f037c257afe62d5c7742) H:\Program Files\Clarus\Samsung SecretZone\mvd20.sys
22:32:30.0500 3004 mvd20 ( UnsignedFile.Multi.Generic ) - warning
22:32:30.0500 3004 mvd20 - detected UnsignedFile.Multi.Generic (1)
22:32:30.0734 3004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:32:31.0218 3004 NABTSFEC - ok
22:32:31.0328 3004 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
22:32:31.0750 3004 NDIS - ok
22:32:31.0812 3004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:32:31.0953 3004 NdisIP - ok
22:32:32.0062 3004 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:32:32.0125 3004 NdisTapi - ok
22:32:32.0187 3004 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:32:32.0312 3004 Ndisuio - ok
22:32:32.0359 3004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:32:32.0500 3004 NdisWan - ok
22:32:32.0609 3004 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
22:32:32.0656 3004 NDProxy - ok
22:32:32.0718 3004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
22:32:32.0859 3004 NetBIOS - ok
22:32:32.0921 3004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
22:32:33.0062 3004 NetBT - ok
22:32:33.0171 3004 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) H:\WINDOWS\system32\drivers\ccdcmb.sys
22:32:33.0375 3004 nmwcd - ok
22:32:33.0437 3004 nmwcdc (3859c69a77793180548802dac9f34a38) H:\WINDOWS\system32\drivers\ccdcmbo.sys
22:32:33.0531 3004 nmwcdc - ok
22:32:33.0750 3004 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
22:32:33.0890 3004 Npfs - ok
22:32:33.0968 3004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
22:32:34.0140 3004 Ntfs - ok
22:32:34.0328 3004 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
22:32:34.0468 3004 Null - ok
22:32:34.0671 3004 nv (5950e6cc9fb3fabb61604d395dbc8550) H:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:32:35.0390 3004 nv - ok
22:32:35.0453 3004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:32:35.0625 3004 NwlnkFlt - ok
22:32:35.0671 3004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:32:35.0812 3004 NwlnkFwd - ok
22:32:35.0859 3004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\DRIVERS\parport.sys
22:32:35.0984 3004 Parport - ok
22:32:36.0093 3004 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
22:32:36.0250 3004 PartMgr - ok
22:32:36.0312 3004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys
22:32:36.0656 3004 ParVdm - ok
22:32:36.0875 3004 pccsmcfd (fd2041e9ba03db7764b2248f02475079) H:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:32:36.0953 3004 pccsmcfd - ok
22:32:37.0000 3004 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys
22:32:37.0125 3004 PCI - ok
22:32:37.0140 3004 PCIDump - ok
22:32:37.0171 3004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys
22:32:37.0328 3004 PCIIde - ok
22:32:37.0437 3004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys
22:32:37.0578 3004 Pcmcia - ok
22:32:37.0593 3004 PDCOMP - ok
22:32:37.0625 3004 PDFRAME - ok
22:32:37.0640 3004 PDRELI - ok
22:32:37.0656 3004 PDRFRAME - ok
22:32:37.0671 3004 perc2 - ok
22:32:37.0687 3004 perc2hib - ok
22:32:37.0750 3004 PfModNT (0abc514f6606324ce15484d079027798) H:\WINDOWS\system32\drivers\PfModNT.sys
22:32:37.0765 3004 PfModNT ( UnsignedFile.Multi.Generic ) - warning
22:32:37.0765 3004 PfModNT - detected UnsignedFile.Multi.Generic (1)
22:32:38.0109 3004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
22:32:38.0281 3004 PptpMiniport - ok
22:32:38.0343 3004 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
22:32:38.0500 3004 PSched - ok
22:32:38.0609 3004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
22:32:38.0781 3004 Ptilink - ok
22:32:38.0812 3004 ql1080 - ok
22:32:38.0843 3004 Ql10wnt - ok
22:32:38.0875 3004 ql12160 - ok
22:32:38.0906 3004 ql1240 - ok
22:32:38.0953 3004 ql1280 - ok
22:32:39.0031 3004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
22:32:39.0171 3004 RasAcd - ok
22:32:39.0328 3004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:32:39.0453 3004 Rasl2tp - ok
22:32:39.0484 3004 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:32:39.0609 3004 RasPppoe - ok
22:32:39.0687 3004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
22:32:39.0843 3004 Raspti - ok
22:32:39.0921 3004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
22:32:40.0062 3004 Rdbss - ok
22:32:40.0125 3004 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:32:40.0281 3004 RDPCDD - ok
22:32:40.0515 3004 rdpdr (15cabd0f7c00c47c70124907916af3f1) H:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:32:40.0656 3004 rdpdr - ok
22:32:40.0718 3004 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) H:\WINDOWS\system32\drivers\RDPWD.sys
22:32:40.0750 3004 RDPWD - ok
22:32:40.0812 3004 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys
22:32:40.0953 3004 redbook - ok
22:32:41.0218 3004 RTLE8023xp (890d2d87df574ba48d21c9f1ffde63b4) H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:32:41.0265 3004 RTLE8023xp - ok
22:32:41.0359 3004 SE26bus (d12cd1cce29256af57b3a0a0a4eb4985) H:\WINDOWS\system32\DRIVERS\SE26bus.sys
22:32:41.0437 3004 SE26bus - ok
22:32:41.0500 3004 SE26mdfl (271e52ebe93af39d3410f5481f36202a) H:\WINDOWS\system32\DRIVERS\SE26mdfl.sys
22:32:41.0546 3004 SE26mdfl - ok
22:32:41.0734 3004 SE26mdm (c6b688bc8af4d2d384dbcb3fa4681fca) H:\WINDOWS\system32\DRIVERS\SE26mdm.sys
22:32:41.0796 3004 SE26mdm - ok
22:32:41.0921 3004 SE26mgmt (046b56284d7c2cbf25d6edeefc74cab8) H:\WINDOWS\system32\DRIVERS\SE26mgmt.sys
22:32:41.0968 3004 SE26mgmt - ok
22:32:42.0000 3004 se26nd5 (4380ec5a1451e740c589c313cffd830e) H:\WINDOWS\system32\DRIVERS\se26nd5.sys
22:32:42.0046 3004 se26nd5 - ok
22:32:42.0078 3004 SE26obex (e6a884ea26c38087a419c4221a354168) H:\WINDOWS\system32\DRIVERS\SE26obex.sys
22:32:42.0125 3004 SE26obex - ok
22:32:42.0187 3004 se26unic (4d3e5a8968ba82728bd4d352d12589f5) H:\WINDOWS\system32\DRIVERS\se26unic.sys
22:32:42.0218 3004 se26unic - ok
22:32:42.0265 3004 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
22:32:42.0390 3004 Secdrv - ok
22:32:42.0468 3004 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) H:\WINDOWS\system32\drivers\Senfilt.sys
22:32:42.0500 3004 SenFiltService - ok
22:32:42.0578 3004 serenum (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
22:32:42.0718 3004 serenum - ok
22:32:42.0781 3004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\DRIVERS\serial.sys
22:32:42.0953 3004 Serial - ok
22:32:43.0015 3004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
22:32:43.0156 3004 Sfloppy - ok
22:32:43.0187 3004 Simbad - ok
22:32:43.0234 3004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
22:32:43.0359 3004 SLIP - ok
22:32:43.0578 3004 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) H:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:32:43.0734 3004 SONYPVU1 - ok
22:32:43.0750 3004 Sparrow - ok
22:32:43.0796 3004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
22:32:43.0937 3004 splitter - ok
22:32:43.0968 3004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys
22:32:44.0546 3004 sr - ok
22:32:44.0687 3004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
22:32:44.0750 3004 Srv - ok
22:32:44.0812 3004 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:32:44.0968 3004 streamip - ok
22:32:45.0000 3004 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
22:32:45.0156 3004 swenum - ok
22:32:45.0203 3004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
22:32:45.0343 3004 swmidi - ok
22:32:45.0375 3004 symc810 - ok
22:32:45.0406 3004 symc8xx - ok
22:32:45.0421 3004 sym_hi - ok
22:32:45.0453 3004 sym_u3 - ok
22:32:45.0484 3004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
22:32:45.0609 3004 sysaudio - ok
22:32:45.0781 3004 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) H:\WINDOWS\system32\drivers\TBPanel.sys
22:32:45.0796 3004 TBPanel - ok
22:32:45.0859 3004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
22:32:45.0953 3004 Tcpip - ok
22:32:46.0015 3004 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
22:32:46.0156 3004 TDPIPE - ok
22:32:46.0390 3004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
22:32:46.0953 3004 TDTCP - ok
22:32:47.0140 3004 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
22:32:47.0281 3004 TermDD - ok
22:32:47.0312 3004 TosIde - ok
22:32:47.0375 3004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
22:32:47.0515 3004 Udfs - ok
22:32:47.0640 3004 ultra - ok
22:32:47.0703 3004 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
22:32:47.0859 3004 Update - ok
22:32:47.0921 3004 upperdev (0ccadc7391021376edbb8aa649d04e68) H:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
22:32:48.0015 3004 upperdev - ok
22:32:48.0265 3004 USBAAPL (83cafcb53201bbac04d822f32438e244) H:\WINDOWS\system32\Drivers\usbaapl.sys
22:32:48.0359 3004 USBAAPL - ok
22:32:48.0437 3004 usbaudio (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
22:32:48.0562 3004 usbaudio - ok
22:32:48.0593 3004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:32:48.0734 3004 usbccgp - ok
22:32:48.0875 3004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
22:32:49.0031 3004 usbehci - ok
22:32:49.0062 3004 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
22:32:49.0203 3004 usbhub - ok
22:32:49.0437 3004 usbohci (0daecce65366ea32b162f85f07c6753b) H:\WINDOWS\system32\DRIVERS\usbohci.sys
22:32:49.0593 3004 usbohci - ok
22:32:49.0656 3004 usbprint (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
22:32:49.0796 3004 usbprint - ok
22:32:49.0843 3004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
22:32:49.0984 3004 usbscan - ok
22:32:50.0203 3004 usbser (1c888b000c2f9492f4b15b5b6b84873e) H:\WINDOWS\system32\drivers\usbser.sys
22:32:50.0343 3004 usbser - ok
22:32:50.0390 3004 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) H:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
22:32:50.0484 3004 UsbserFilt - ok
22:32:50.0531 3004 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:32:50.0687 3004 usbstor - ok
22:32:50.0796 3004 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) H:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:32:50.0921 3004 usb_rndisx - ok
22:32:50.0953 3004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
22:32:51.0093 3004 VgaSave - ok
22:32:51.0281 3004 ViaIde - ok
22:32:51.0406 3004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys
22:32:51.0546 3004 VolSnap - ok
22:32:51.0640 3004 VX3000 (45798ec03c6aeb45aa2f2084f7842f6c) H:\WINDOWS\system32\DRIVERS\VX3000.sys
22:32:51.0718 3004 VX3000 - ok
22:32:52.0000 3004 w810bus (5e8b60606fc4173b69cdecd964f22d28) H:\WINDOWS\system32\DRIVERS\w810bus.sys
22:32:52.0046 3004 w810bus ( UnsignedFile.Multi.Generic ) - warning
22:32:52.0046 3004 w810bus - detected UnsignedFile.Multi.Generic (1)
22:32:52.0093 3004 w810mdfl (c0cc4f5a3c58b4c07ec4a82a5ae24714) H:\WINDOWS\system32\DRIVERS\w810mdfl.sys
22:32:52.0125 3004 w810mdfl ( UnsignedFile.Multi.Generic ) - warning
22:32:52.0125 3004 w810mdfl - detected UnsignedFile.Multi.Generic (1)
22:32:52.0171 3004 w810mdm (2aafeedc3bfe14419cbce7ceea59dd05) H:\WINDOWS\system32\DRIVERS\w810mdm.sys
22:32:52.0187 3004 w810mdm ( UnsignedFile.Multi.Generic ) - warning
22:32:52.0187 3004 w810mdm - detected UnsignedFile.Multi.Generic (1)
22:32:52.0250 3004 w810mgmt (b0037db3f890d0ffcf7e35f356a435ec) H:\WINDOWS\system32\DRIVERS\w810mgmt.sys
22:32:52.0281 3004 w810mgmt ( UnsignedFile.Multi.Generic ) - warning
22:32:52.0281 3004 w810mgmt - detected UnsignedFile.Multi.Generic (1)
22:32:52.0312 3004 w810obex (bf609636068f17246f94b490c5812483) H:\WINDOWS\system32\DRIVERS\w810obex.sys
22:32:52.0328 3004 w810obex ( UnsignedFile.Multi.Generic ) - warning
22:32:52.0328 3004 w810obex - detected UnsignedFile.Multi.Generic (1)
22:32:52.0375 3004 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
22:32:52.0515 3004 Wanarp - ok
22:32:52.0578 3004 wceusbsh (46a247f6617526afe38b6f12f5512120) H:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:32:52.0640 3004 wceusbsh - ok
22:32:52.0687 3004 Wdf01000 (d918617b46457b9ac28027722e30f647) H:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:32:52.0750 3004 Wdf01000 - ok
22:32:52.0781 3004 WDICA - ok
22:32:52.0843 3004 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
22:32:52.0968 3004 wdmaud - ok
22:32:53.0078 3004 WpdUsb (cf4def1bf66f06964dc0d91844239104) H:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:32:53.0140 3004 WpdUsb - ok
22:32:53.0203 3004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:32:53.0343 3004 WSTCODEC - ok
22:32:53.0421 3004 WudfPf (50eb9e21963b4f06fd010d007d54351b) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:32:53.0562 3004 WudfPf - ok
22:32:53.0703 3004 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:32:53.0750 3004 WudfRd - ok
22:32:53.0781 3004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:32:53.0968 3004 \Device\Harddisk0\DR0 - ok
22:32:53.0968 3004 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR4
22:32:54.0203 3004 \Device\Harddisk3\DR4 - ok
22:32:54.0203 3004 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk5\DR6
22:33:05.0875 3004 \Device\Harddisk5\DR6 - ok
22:33:05.0875 3004 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR12
22:33:07.0000 3004 \Device\Harddisk6\DR12 - ok
22:33:07.0015 3004 Boot (0x1200) (d08cd24409b21fb3d21fbaa4b2e6985c) \Device\Harddisk0\DR0\Partition0
22:33:07.0015 3004 \Device\Harddisk0\DR0\Partition0 - ok
22:33:07.0015 3004 Boot (0x1200) (fb6ae36e9179b5e3b9c08009d396aee1) \Device\Harddisk3\DR4\Partition0
22:33:07.0015 3004 \Device\Harddisk3\DR4\Partition0 - ok
22:33:07.0015 3004 Boot (0x1200) (ea8f6c9b1d3c9bd02a446fb01fa97408) \Device\Harddisk5\DR6\Partition0
22:33:07.0015 3004 \Device\Harddisk5\DR6\Partition0 - ok
22:33:07.0031 3004 Boot (0x1200) (7b466b7ebcabb9f7278f13b0d73aa4fa) \Device\Harddisk6\DR12\Partition0
22:33:07.0031 3004 \Device\Harddisk6\DR12\Partition0 - ok
22:33:07.0031 3004 ============================================================
22:33:07.0031 3004 Scan finished
22:33:07.0031 3004 ============================================================
22:33:07.0156 4828 Detected object count: 12
22:33:07.0156 4828 Actual detected object count: 12
22:33:46.0375 4828 H:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
22:33:46.0375 4828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0406 4828 H:\WINDOWS\system32\ASNDIS5.SYS - copied to quarantine
22:33:46.0421 4828 ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0468 4828 H:\WINDOWS\system32\Drivers\ElbyCDIO.sys - copied to quarantine
22:33:46.0468 4828 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0546 4828 H:\WINDOWS\system32\Drivers\ElbyDelay.sys - copied to quarantine
22:33:46.0546 4828 ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0625 4828 H:\Program Files\Clarus\Samsung SecretZone\mdf15.sys - copied to quarantine
22:33:46.0625 4828 mdf15 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0671 4828 H:\Program Files\Clarus\Samsung SecretZone\mvd20.sys - copied to quarantine
22:33:46.0671 4828 mvd20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0734 4828 H:\WINDOWS\system32\drivers\PfModNT.sys - copied to quarantine
22:33:46.0750 4828 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0796 4828 H:\WINDOWS\system32\DRIVERS\w810bus.sys - copied to quarantine
22:33:46.0812 4828 w810bus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0875 4828 H:\WINDOWS\system32\DRIVERS\w810mdfl.sys - copied to quarantine
22:33:46.0875 4828 w810mdfl ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:46.0921 4828 H:\WINDOWS\system32\DRIVERS\w810mdm.sys - copied to quarantine
22:33:46.0921 4828 w810mdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:47.0000 4828 H:\WINDOWS\system32\DRIVERS\w810mgmt.sys - copied to quarantine
22:33:47.0000 4828 w810mgmt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:47.0062 4828 H:\WINDOWS\system32\DRIVERS\w810obex.sys - copied to quarantine
22:33:47.0062 4828 w810obex ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
22:33:55.0812 4168 Deinitialize success


Think this is both logs

#10
nobbyburton


    Member

  • Topic Starter
  • 173 posts
Not getting AVG threats detected but PC not quite right. Doesn't appear to have a virus, but IE is not able to access Windows Update and odd pop-up boxes are appearing for SP2 and SP3. Hope we can clear this up tomorrow. Will donate too, thanks again.


#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK onwards and upwards ;)

So neither AVG nor Windows Update works now

Have you tried a re-install of AVG?

Let's check out the drivers and registry next

Run Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

#12
nobbyburton


    Member

  • Topic Starter
  • 173 posts
Just turned on, getting AVG threats all the time, so not sure whether to do the next stage or not now

#13
nobbyburton


    Member

  • Topic Starter
  • 173 posts
OTL logfile created on: 10/03/2012 17:34:27 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = H:\USB Key
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.27% Memory free
2.85 Gb Paging File | 2.17 Gb Available in Paging File | 76.22% Paging File free
Paging file location(s): H:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive E: | 983.72 Mb Total Space | 471.38 Mb Free Space | 47.92% Space Free | Partition Type: FAT
Drive F: | 970.63 Mb Total Space | 699.63 Mb Free Space | 72.08% Space Free | Partition Type: FAT
Drive H: | 232.88 Gb Total Space | 11.91 Gb Free Space | 5.12% Space Free | Partition Type: NTFS
Drive J: | 1396.91 Gb Total Space | 1263.71 Gb Free Space | 90.47% Space Free | Partition Type: FAT32

Computer Name: ANDY-38AF1A8D42 | User Name: Andy & Joanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 17:33:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\USB Key\OTL.exe
PRC - [2012/02/14 23:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/16 21:03:46 | 000,939,872 | ---- | M] () -- H:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/15 16:00:46 | 000,204,800 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010/03/15 15:33:52 | 000,180,224 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010/03/15 15:32:38 | 000,991,232 | ---- | M] (Clarus, Inc.) -- H:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- H:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2007/11/01 13:25:40 | 002,165,256 | ---- | M] (Xpertvision, Inc.) -- H:\Program Files\XpertVision\TBPANEL.exe
PRC - [2006/10/13 17:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\vVX3000.exe
PRC - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2004/12/02 18:23:34 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2012/01/16 21:03:46 | 000,939,872 | ---- | M] () -- H:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/16 21:03:44 | 001,811,296 | ---- | M] () -- H:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 18:57:34 | 000,096,112 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 18:56:16 | 001,230,704 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/13 01:29:16 | 000,401,408 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSMgrSDK.dll
MOD - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
MOD - [2010/03/13 01:26:50 | 000,528,384 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSMgrSDK.EN
MOD - [2010/03/13 01:26:50 | 000,212,992 | ---- | M] () -- H:\Program Files\Clarus\Samsung SecretZone\MSUtilSDK.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- H:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/02/16 17:40:42 | 005,623,808 | ---- | M] () -- H:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 17:40:40 | 001,568,768 | ---- | M] () -- H:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- H:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (HTTPFilter)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/16 21:03:55 | 000,909,152 | ---- | M] () [Auto | Running] -- H:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- H:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/27 12:43:48 | 000,712,704 | ---- | M] (Nokia) [On_Demand | Stopped] -- H:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/13 01:29:16 | 000,217,088 | ---- | M] () [Auto | Running] -- H:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- H:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/01/28 07:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/12/30 19:42:34 | 000,823,296 | ---- | M] () [Auto | Stopped] -- H:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2006/10/13 17:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/10 17:19:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/10 08:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/30 22:59:02 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- H:\Program Files\Clarus\Samsung SecretZone\mvd20.sys -- (mvd20)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/21 13:25:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- H:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- H:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006/10/13 17:04:30 | 001,966,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/05/01 12:50:40 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex)
DRV - [2006/05/01 12:49:50 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)
DRV - [2006/05/01 12:49:00 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm)
DRV - [2006/05/01 12:48:56 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl)
DRV - [2006/05/01 12:48:04 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus) Sony Ericsson Device 038 Driver driver (WDM)
DRV - [2006/05/01 12:47:30 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
DRV - [2006/05/01 12:47:24 | 000,090,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)
DRV - [2006/03/14 03:23:26 | 000,082,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/02/20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2006/01/19 02:01:00 | 000,017,280 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2005/08/11 05:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/02/11 21:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/08 22:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/09/09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.c...pur/All Sources
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GZAZ_enGB259
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-16 09:13:45&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: H:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: H:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: H:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B73DC3E6-5AA7-4F69-A6DA-F8F00F7AEE36}: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\{B73DC3E6-5AA7-4F69-A6DA-F8F00F7AEE36} [2010/07/19 17:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 22:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: H:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/16 21:04:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: H:\Program Files\PriceGong\2.1.0\FF [2010/05/11 21:13:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = H:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = H:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Disabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: NPCIG.dll (Enabled) = H:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = H:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = H:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/03/09 22:17:33 | 000,000,098 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - H:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (no name) - {1631550F-191D-4826-B069-D9439253D926} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - H:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Gainward] H:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] H:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LanguageShortcut] H:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] H:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] H:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] H:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [VX3000] H:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKU\S-1-5-18..\Run: [HorAtbfq] H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-507921405-1409082233-839522115-1003..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = H:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Dropbox.lnk = H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = H:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-507921405-1409082233-839522115-1003\..Trusted Domains: nhs.uk ([www.togethertwecan] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199526417500 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://services.soft...geUploader7.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 90.207.238.97 90.207.238.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EFCB436-CE30-4096-96DC-190682815772}: DhcpNameServer = 90.207.238.97 90.207.238.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF4B3AC5-15D4-4328-9E55-47F62CFD92A1}: NameServer = 192.168.0.1
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\system32\msvidctl.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\system32\msvidctl.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - H:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (H:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - H:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe) - H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb\horatbfq.exe File not found
O24 - Desktop WallPaper: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/03 16:11:12 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2011/02/17 18:21:18 | 000,000,034 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0fcca0c9-1439-11e0-9900-001d6030268b}\Shell\AutoRun\command - "" = J:\DPFMate.exe
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{433a36a8-9f5b-11e0-9986-001d6030268b}\Shell\AutoRun\command - "" = K:\laucher.exe
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a30bc684-7709-11de-8693-001d6030268b}\Shell\AutoRun\command - "" = L:\SafeStick.exe
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell - "" = AutoRun
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc787f38-8a52-11de-86b1-001d6030268b}\Shell\AutoRun\command - "" = J:\SafeStick.exe
O33 - MountPoints2\{e2a00ee0-bb7d-11dc-9b70-001d6030268b}\Shell\AutoRun\command - "" = J:\Blackwell.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 17:12:06 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\CyberLink PowerDVD
[2012/03/09 22:33:46 | 000,000,000 | ---D | C] -- H:\TDSSKiller_Quarantine
[2012/03/09 22:16:57 | 000,000,000 | ---D | C] -- H:\_OTL
[2012/03/09 20:41:59 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Google
[2012/03/09 20:41:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2012/03/09 20:41:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/09 20:41:15 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/07 23:31:27 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Wise Installation Wizard
[2012/03/07 19:49:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\yiangwkb

========== Files - Modified Within 30 Days ==========

[2012/03/10 17:47:46 | 000,000,558 | ---- | M] () -- H:\WINDOWS\DFC.INI
[2012/03/10 17:19:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/10 17:13:23 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012/03/10 17:12:56 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\idLl3SAc
[2012/03/10 17:12:45 | 000,098,368 | -H-- | M] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
[2012/03/10 17:12:32 | 000,098,368 | -H-- | M] () -- H:\Documents and Settings\Andy & Joanna\cRrO623
[2012/03/10 17:12:26 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\a7nkjz3
[2012/03/10 17:11:58 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\cRrO623
[2012/03/10 17:11:52 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/10 17:11:51 | 000,098,368 | -H-- | M] () -- H:\WINDOWS\System32\a2JGu23
[2012/03/10 17:11:39 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012/03/10 17:06:23 | 000,445,144 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012/03/10 17:06:23 | 000,072,910 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012/03/10 17:03:42 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 17:01:07 | 000,000,250 | ---- | M] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 22:17:33 | 000,000,098 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/09 19:26:41 | 000,002,187 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/03/08 22:39:55 | 000,277,352 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/08 22:06:36 | 000,001,813 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/07 22:27:10 | 000,000,784 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/07 19:46:39 | 091,023,286 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/05 20:32:36 | 000,032,256 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 20:15:01 | 000,000,069 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini
[2012/02/17 18:08:56 | 000,000,458 | ---- | M] () -- H:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/02/17 17:01:53 | 000,318,675 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/16 22:40:15 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2012/02/16 19:55:28 | 000,001,052 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/16 19:55:28 | 000,001,052 | ---- | M] () -- H:\Documents and Settings\Andy & Joanna\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2012/03/10 17:12:56 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\idLl3SAc
[2012/03/10 17:11:39 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\4Ex8PA3
[2012/03/09 22:28:25 | 000,098,368 | -H-- | C] () -- H:\Documents and Settings\Andy & Joanna\cRrO623
[2012/03/09 22:28:24 | 000,098,368 | -H-- | C] () -- H:\Documents and Settings\Andy & Joanna\a2JGu23
[2012/03/09 22:28:00 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\a7nkjz3
[2012/03/09 22:27:55 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\cRrO623
[2012/03/09 22:27:50 | 000,098,368 | -H-- | C] () -- H:\WINDOWS\System32\a2JGu23
[2012/03/07 22:27:10 | 000,000,784 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 19:55:09 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2012/02/16 19:55:09 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\dllcache\iacenc.dll
[2011/08/07 12:25:11 | 000,000,020 | ---- | C] () -- H:\WINDOWS\System32\MSWYXTND.DLL
[2010/08/16 18:32:27 | 000,590,816 | ---- | C] () -- H:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 21:28:39 | 000,000,186 | ---- | C] () -- H:\WINDOWS\System32\MRT.INI
[2010/03/12 17:01:09 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2012/01/16 21:04:20 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010/12/06 20:45:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/03/10 17:09:29 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/06 20:38:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\avg9
[2009/01/21 00:17:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/02/17 22:48:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Clarus
[2010/12/06 20:45:35 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/04 19:27:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Installations
[2011/02/27 19:33:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\kAmNoBc06308
[2008/02/03 14:09:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\LightScribe
[2011/05/07 16:06:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/03 23:48:40 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/09/28 17:42:09 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/21 00:17:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/04 10:53:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Suite
[2008/01/05 00:22:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/29 20:54:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\UDL
[2010/05/29 11:47:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 12:56:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 11:58:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/27 17:28:55 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\4C5A5FEE6EA00812DBE8AB71C400E3A0
[2010/05/11 21:13:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\alot
[2011/12/16 09:50:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\AVG Secure Search
[2010/12/06 20:46:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\AVG10
[2012/03/10 17:13:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox
[2009/07/23 21:41:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\ICAClient
[2008/01/05 00:23:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\muvee Technologies
[2010/12/29 14:48:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Nokia
[2009/07/04 10:54:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Nseries
[2009/07/04 10:38:05 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\PC Suite
[2012/03/07 22:45:26 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\PriceGong
[2009/12/13 16:49:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Printer Info Cache
[2011/07/28 19:07:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Red Kawa
[2009/02/13 08:20:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\TeamViewer
[2008/01/26 09:21:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\Teleca
[2012/03/05 22:30:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\uTorrent
[2009/09/19 10:15:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Andy & Joanna\Application Data\YouSendIt
[2010/12/06 20:57:20 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Application Data\alot
[2009/02/13 08:15:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Application Data\TeamViewer
[2012/02/17 18:08:56 | 000,000,458 | ---- | M] () -- H:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/03/10 17:01:07 | 000,000,250 | ---- | M] () -- H:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/06/13 10:23:07 | 001,134,080 | ---- | M] (Microsoft Corporation) MD5=0525D08F6213090563C9EBC3FD3A6BAA -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- H:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,134,592 | ---- | M] (Microsoft Corporation) MD5=9C0A2F103215B79F8317E11514387AD6 -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,134,080 | ---- | M] (Microsoft Corporation) MD5=D8FD9684C8D42F1F5F83DA257686263C -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2006/02/28 12:00:00 | 001,133,056 | ---- | M] (Microsoft Corporation) MD5=E6C04B753303B8E919A7FE3273DB990E -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2008/04/14 00:12:19 | 001,134,592 | ---- | M] (Microsoft Corporation) MD5=EC3758A2D91FB1F5D7A9ABB7BF87DBD9 -- H:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- H:\WINDOWS\system32\svchost.exe
[2006/02/28 12:00:00 | 000,115,200 | ---- | M] (Microsoft Corporation) MD5=2DAA071FE574323318FD3D819D401B30 -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 00:12:36 | 000,115,200 | ---- | M] (Microsoft Corporation) MD5=B58E6FEE09052321E402AD15B4366862 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- H:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- H:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 00:12:39 | 000,608,768 | ---- | M] (Microsoft Corporation) MD5=21BAE44C7C146715473E4C9BEEFB7498 -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2006/02/28 12:00:00 | 000,603,136 | ---- | M] (Microsoft Corporation) MD5=60AF954E20F59EEDF71DF85B65A2FC41 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- H:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- H:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >


========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: MAXTOR STM3250310AS
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Removable media other than\tfloppy
Interface type: USB
Media Type: Removable media other than\tfloppy
Model:
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: Samsung G3 Station USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #3, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 127488
Hidden sectors: 0

DeviceID: Disk #5, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32768
Hidden sectors: 0


< End of report >

OTL Extras logfile created on: 10/03/2012 17:34:27 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = H:\USB Key
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.27% Memory free
2.85 Gb Paging File | 2.17 Gb Available in Paging File | 76.22% Paging File free
Paging file location(s): H:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive E: | 983.72 Mb Total Space | 471.38 Mb Free Space | 47.92% Space Free | Partition Type: FAT
Drive F: | 970.63 Mb Total Space | 699.63 Mb Free Space | 72.08% Space Free | Partition Type: FAT
Drive H: | 232.88 Gb Total Space | 11.91 Gb Free Space | 5.12% Space Free | Partition Type: NTFS
Drive J: | 1396.91 Gb Total Space | 1263.71 Gb Free Space | 90.47% Space Free | Partition Type: FAT32

Computer Name: ANDY-38AF1A8D42 | User Name: Andy & Joanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "H:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Program Files\Microsoft LifeCam\LifeExp.exe" = H:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"H:\Program Files\Microsoft LifeCam\LifeCam.exe" = H:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"H:\Program Files\uTorrent\uTorrent.exe" = H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Documents and Settings\Andy & Joanna\Application Data\U3\00001626737200E1\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = H:\Documents and Settings\Andy & Joanna\Application Data\U3\00001626737200E1\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype
"H:\Program Files\TeamViewer\Version4\TeamViewer.exe" = H:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"H:\Documents and Settings\Andy & Joanna\temp\TeamViewer\Version4\TeamViewer.exe" = H:\Documents and Settings\Andy & Joanna\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"H:\Program Files\AVG\AVG8\avgupd.exe" = H:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"H:\Program Files\AVG\AVG8\avgnsx.exe" = H:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = H:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"H:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = H:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"H:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = H:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"H:\Program Files\Skype\Plugin Manager\skypePM.exe" = H:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe" = H:\Documents and Settings\Andy & Joanna\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"H:\Program Files\AVG\AVG10\avgdiagex.exe" = H:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG10\avgnsx.exe" = H:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"H:\Program Files\AVG\AVG10\avgemcx.exe" = H:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCAEDF-4853-437F-8B62-9C3B1267E9A4}" = AVG 2011
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F61DD673-0030-4BB2-A382-7E57E97F1033}" = Nero 7 Essentials
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"0222-0618-0114-4896" = Review Manager 5.1.2
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Active@ File Recovery 7.3" = Active@ File Recovery 7.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"alotToolbar" = ALOT Toolbar
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Championship Manager 01-02" = Championship Manager 01-02
"CloneDVD2" = CloneDVD2
"coverXP" = coverXP (remove only)
"Creative Jukebox Driver" = Creative Jukebox Driver
"CSCLIB" = Canon Camera Support Core Library
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 3.16.3.29
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.6.0.21
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 3.16
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard)
"MP3MyMP3_is1" = MP3MyMP3 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"PriceGong" = PriceGong 2.1.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SysInfo" = Creative System Information
"TeamViewer 4" = TeamViewer 4
"TVersity Codec Pack" = TVersity Codec Pack 1.1
"TVersity Media Server " = TVersity Media Server 0.9.11.4 beta
"uTorrent" = µTorrent
"Videora iPad Converter" = Videora iPad Converter 6
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xilisoft Audio Maker" = Xilisoft Audio Maker
"XpertVision_is1" = XpertVision 5.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.01
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22BBE99C-4A0D-4EB4-A139-14CFD848C0F8}_is1" = Bonusprint
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2012 20:10:58 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/03/2012 13:01:01 | Computer Name = ANDY-38AF1A8D42 | Source = MDM | ID = 4101
Description = An error occurred while the debugger attempted to correct its registry.

Error - 10/03/2012 13:04:46 | Computer Name = ANDY-38AF1A8D42 | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 10/03/2012 13:06:08 | Computer Name = ANDY-38AF1A8D42 | Source = MsiInstaller | ID = 11706
Description = Product: TrayApp -- Error 1706. An installation package for the product
TrayApp cannot be found. Try the installation again using a valid copy of the installation
package 'TrayApp.msi'.

Error - 10/03/2012 13:11:50 | Computer Name = ANDY-38AF1A8D42 | Source = MDM | ID = 4101
Description = An error occurred while the debugger attempted to correct its registry.

Error - 10/03/2012 13:13:07 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application hpqtra08.exe, version 90.0.146.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/03/2012 13:13:47 | Computer Name = ANDY-38AF1A8D42 | Source = Application Error | ID = 1000
Description = Faulting application 4Ex8PA3, version 0.0.0.0, faulting module 4Ex8PA3,
version 0.0.0.0, fault address 0x0000bee1.

Error - 10/03/2012 13:39:10 | Computer Name = ANDY-38AF1A8D42 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17108, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/03/2012 13:44:44 | Computer Name = ANDY-38AF1A8D42 | Source = Application Error | ID = 1000
Description = Faulting application 4Ex8PA3, version 0.0.0.0, faulting module 4Ex8PA3,
version 0.0.0.0, fault address 0x0000bee1.

Error - 10/03/2012 13:44:58 | Computer Name = ANDY-38AF1A8D42 | Source = Application Error | ID = 1000
Description = Faulting application 4Ex8PA3, version 0.0.0.0, faulting module 4Ex8PA3,
version 0.0.0.0, fault address 0x0000bee1.

[ OSession Events ]
Error - 12/05/2010 15:18:12 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 311
seconds with 60 seconds of active time. This session ended with a crash.

Error - 24/05/2010 07:10:08 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7841
seconds with 240 seconds of active time. This session ended with a crash.

Error - 29/05/2010 07:32:09 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1089
seconds with 240 seconds of active time. This session ended with a crash.

Error - 14/06/2010 15:36:26 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72
seconds with 60 seconds of active time. This session ended with a crash.

Error - 15/06/2010 17:15:20 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/07/2010 17:24:53 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 174
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/08/2010 17:56:52 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 90 seconds with 60 seconds of active time. This session ended with a crash.

Error - 05/09/2010 05:45:53 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 687
seconds with 180 seconds of active time. This session ended with a crash.

Error - 06/09/2010 14:56:37 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 30185
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 03/08/2011 14:21:25 | Computer Name = ANDY-38AF1A8D42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Virtual Disk Service Manager service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The TeamViewer 4 service terminated unexpectedly. It has done this
1 time(s).

Error - 09/03/2012 20:04:15 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/03/2012 13:01:31 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TVersityMediaServer service
to connect.

Error - 10/03/2012 13:12:42 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TVersityMediaServer service
to connect.

Error - 10/03/2012 13:13:04 | Computer Name = ANDY-38AF1A8D42 | Source = Service Control Manager | ID = 7034
Description = The TeamViewer 4 service terminated unexpectedly. It has done this
1 time(s).


< End of report >

#14
nobbyburton

    Member

  • Topic Starter
  • Member
  • 173 posts
PC now acting worse than before, have posted two new OTL logs above, popping out for 2 hours so hopefully may have some news for me when I get back

cheers

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time for a bigger hammer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.