At my workplace a coworker has a PC that is constantly popping up an AVG screen locating the virus Trojan Horse Crypt AQLW and IDP.Trojan.1c8d1a13 as well. These viruses are being found by AVG, moved to vault, but come back every day for the past 1-2 weeks. Internet explorer was being re-directed to odd sites as well. Google chrome not so much.
Earlier this week google chrome quit working, the task manager intermittently will not load to kill off programs, IE keeps re-directing. As of an hour ago, Internet explorer is not working at all. It will load, but not go to a page. Internet connection is funtional as I am on the same network just a different computer.
Programs already used:
Super Anti-spyware (got rid of cookies and such, but never located anything severe)
Panda Active Scan online- Found nothing
Kaperksy- found nothing
Malware bytes- found a few items, but did not help with original problem.
I would greatly appreciate any assistance that someone could provide as this is quite a persistant little virus! Thank you in advance!
Logs shown below-
TL logfile created on: 4/13/2012 10:41:46 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.92% Memory free
2.58 Gb Paging File | 1.82 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 384.52 Gb Free Space | 82.56% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.58 Gb Free Space | 96.05% Space Free | Partition Type: FAT32
Computer Name: GX520 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/13 10:30:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/12 09:06:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 09:06:44 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/10/27 08:49:57 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/13 06:05:08 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/13 06:05:07 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/22 18:28:46 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010/06/29 12:48:46 | 000,114,416 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/07/30 19:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/03/05 14:09:50 | 002,453,504 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/23 18:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/01/15 19:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/13 10:17:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/12 09:06:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 09:06:44 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/12 09:06:40 | 001,869,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
MOD - [2012/03/11 13:50:38 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/17 15:08:16 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/13 06:05:20 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MOD - [2011/06/13 06:05:17 | 000,256,424 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/04/15 08:47:09 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/04/15 08:47:08 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/04/15 08:47:05 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/04/08 14:53:48 | 000,376,832 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2011/03/16 16:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/24 17:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2010/02/25 12:20:31 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2009/03/05 14:09:22 | 000,065,536 | ---- | M] () -- C:\Program Files\MagicTune Premium\MTResEng.dll
MOD - [2009/03/05 14:09:22 | 000,032,768 | ---- | M] () -- C:\Program Files\MagicTune Premium\HzZone.dll
MOD - [2009/03/05 14:09:20 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\DProfile.dll
MOD - [2009/03/05 14:09:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\VESADll.dll
MOD - [2009/03/05 14:09:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\IProfile.dll
MOD - [2009/03/05 14:09:18 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\EProfile.dll
MOD - [2009/03/05 14:09:16 | 000,040,960 | ---- | M] () -- C:\Program Files\MagicTune Premium\DeviceInterface.dll
MOD - [2009/03/05 14:09:14 | 000,032,768 | ---- | M] () -- C:\Program Files\MagicTune Premium\Highlight.dll
MOD - [2008/12/30 11:29:12 | 000,077,824 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneCore.dll
MOD - [2008/11/12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2008/09/10 17:00:05 | 000,168,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/08/23 18:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
MOD - [2007/01/15 19:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
MOD - [2003/03/26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MtxDma0.dll -- (zmxpzip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgio.dll -- (yukonwlh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eelogsvc.dll -- (Wtcls2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnacom.dll -- (wmp54gsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winpowermonitor.dll -- (wdm_au8820)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\appmgmt.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msi_wlan_service.dll -- (wacommousefilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (VNUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uleadburninghelper.dll -- (vncdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (UPATC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (tones)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{834170a7-af3b-4d34-a757-e05eb29ee96d}.dll -- (thinkpadmodemservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NxNetMon.dll -- (TdmService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nwlnkipx.dll -- (ssisvr32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sagefserver.dll -- (ssidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmBEnum.dll -- (slip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdm.dll -- (slave)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netddedsdm.dll -- (sgeclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NxFsMon.dll -- (SE26mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (scanwscs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dll -- (sbp2port)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\videX32.dll -- (SaiNtBus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPNDIS5.dll -- (rupsd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gagp30kx.dll -- (rpcapd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eelogsvc.dll -- (regspy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsbus.dll -- (pvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASMMAP.dll -- (Ptserlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfloppy.dll -- (psimsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websenseusagemonitor.dll -- (PSDFilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\enxpsvc.dll -- (processor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aegisp.dll -- (PNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netrcacm.dll -- (pdlnatcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (pdengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regdefend.dll -- (pcidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TuneUp.Defrag.dll -- (patrol_scheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SECYPUSB.dll -- (p2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\merakpop3.dll -- (P17xfi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaRdPnp.dll -- (oracle_load_balancer_60_server-forms6ip9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WDM_YAMAHAAC97.dll -- (NVR0FLASHDev)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmtdi.dll -- (ngserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\firelm01.dll -- (mssqlserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgntflt.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550mgmt.dll -- (mcsysmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (lkclassads)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anbmservice.dll -- (infrastructure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se44bus.dll -- (IJPLMSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpnva.dll -- (iirsp)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wltwo51b.dll -- (forcewarewebinterface)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ANC.dll -- (FETNDIS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetMsmqActivator.dll -- (F700imd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (eSettingsService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SISNICXP.dll -- (epsonstatusagent2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysenforce.dll -- (dsNcAdpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcusrmgr.dll -- (dlpwd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pelusblf.dll -- (dlaudf_m)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usb_rndisx.dll -- (cyberpowerups)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vetfddnt.dll -- (cpqalert)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mhndrv.dll -- (ccalib8)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mctaskmanager.dll -- (bdftdif)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wpsnuio.dll -- (avidsdmservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (AtlsAud)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AFGSp50.dll -- (atkdisplf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntrtscan.dll -- (AR5416)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BsHelpCS.dll -- (application)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ss_mdm.dll -- (anio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ehrecvr.dll -- (AeLookupSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\abnetmon.dll -- (adsservice)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/12 09:06:48 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/13 06:05:07 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/29 12:48:46 | 000,114,416 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 12:42:38 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\epsonbidirectionalservice.dll -- (Ncrc710)
SRV - [2007/08/23 18:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/06 11:21:23 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/12/15 11:44:58 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/22 09:09:28 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\04274212.sys -- (04274212)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\0427421.sys -- (setup_9.0.0.722_14.04.2011_16-51drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\04274211.sys -- (04274211)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/24 20:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2006/05/11 15:55:34 | 000,093,568 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2005/05/17 21:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aarich.sys -- (aarich)
DRV - [2005/03/17 19:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/17 23:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/07 17:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac)
DRV - [2003/04/28 11:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2003/02/24 13:02:58 | 000,011,029 | ---- | M] (VMware, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-14 09:04:23&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 09:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/04/12 14:39:54 | 000,000,000 | ---D | M]
[2010/03/01 18:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/01 18:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2012-02-14 09:04:23&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\ReImageCompanion\updatebhoWin32.dll File not found
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files\ReImageCompanion\jsloader.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000 File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_14.04.2011_16-51.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_14.04.2011_16-51\startup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1234894103984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234894245437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\ReImageCompanion\tdataprotocol.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\My Documents\My Pictures\paw.gif
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 12:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fc0e8ef8-eb42-11de-9389-00137271adc6}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0e8ef8-eb42-11de-9389-00137271adc6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc0e8ef8-eb42-11de-9389-00137271adc6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/13 10:41:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/12 14:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2012/04/12 14:39:51 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/04/12 14:39:50 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/04/12 14:39:50 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/04/12 14:39:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/04/12 14:37:34 | 000,253,352 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/04/12 14:36:54 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/04/12 14:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/04/12 14:36:46 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/04/12 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/12 14:34:00 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/04/12 14:34:00 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/04/12 14:33:51 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/04/12 14:33:51 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/04/12 14:33:45 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/12 14:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/12 14:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/12 14:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/12 14:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TestApp
[2012/04/10 21:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2012/04/10 21:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/04/10 17:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/10 17:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/10 11:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/04/10 11:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/10 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/10 11:02:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/10 11:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/10 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Spruce
[2012/04/09 15:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012/04/09 08:29:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/06 11:20:41 | 000,000,000 | ---D | C] -- C:\rei
[2012/04/06 11:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/04/06 11:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012/04/06 11:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2012/04/06 11:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2012/04/06 11:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/04/05 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/05 08:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/05 08:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/13 10:30:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/13 10:17:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/13 10:14:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/13 10:13:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/04/13 10:13:33 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/13 10:13:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/13 08:19:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/13 03:09:07 | 000,435,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 03:09:07 | 000,068,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 03:03:21 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/12 18:59:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/12 17:14:49 | 094,754,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/12 17:13:26 | 000,246,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/12 14:36:55 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/04/12 14:34:28 | 000,644,197 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/12 14:33:16 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/04/12 09:59:51 | 000,016,373 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\paw150.jpg
[2012/04/12 09:40:48 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/12 09:36:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012/04/11 16:13:10 | 000,031,532 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CECEILSTONEREPORT.pdf
[2012/04/11 15:13:00 | 000,062,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\1streport.pdf
[2012/04/10 21:02:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 11:03:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 11:21:18 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2012/04/06 09:23:17 | 000,221,034 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/06 09:22:57 | 000,176,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 06:05:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/02 09:49:00 | 000,607,694 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\1100packagetestpass.pdf
[2012/03/29 11:31:49 | 000,036,654 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\1100POSTTESTREPORT.pdf
[2012/03/23 13:24:10 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2012/03/16 03:02:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 13:10:46 | 018,612,224 | ---- | M] () -- C:\cdrom-1.33.iso
[2012/03/15 13:06:45 | 008,947,690 | ---- | M] () -- C:\generic-pc-1.33.img
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/13 03:03:21 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/12 14:39:51 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/04/12 14:39:50 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/04/12 14:39:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/04/12 14:39:50 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/04/12 14:39:50 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/04/12 14:36:55 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/04/12 14:34:07 | 000,644,197 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/12 14:33:16 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/04/12 10:00:54 | 000,016,373 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\paw150.jpg
[2012/04/11 15:43:26 | 000,031,532 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CECEILSTONEREPORT.pdf
[2012/04/11 15:13:00 | 000,062,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\1streport.pdf
[2012/04/10 14:16:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/10 11:02:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 15:46:17 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/06 11:21:17 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2012/04/06 11:14:10 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/04/06 09:23:17 | 000,221,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/06 09:22:57 | 000,176,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/05 11:38:38 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/02 09:49:00 | 000,607,694 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\1100packagetestpass.pdf
[2012/03/29 11:32:32 | 000,036,654 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\1100POSTTESTREPORT.pdf
[2012/03/15 13:10:46 | 018,612,224 | ---- | C] () -- C:\cdrom-1.33.iso
[2012/03/15 13:06:45 | 008,947,690 | ---- | C] () -- C:\generic-pc-1.33.img
[2012/02/16 01:06:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 09:33:16 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2011/10/27 08:44:56 | 000,186,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/15 10:15:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
========== Alternate Data Streams ==========
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
Extras Text File also popped up
OTL Extras logfile created on: 4/13/2012 10:41:46 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.92% Memory free
2.58 Gb Paging File | 1.82 Gb Available in Paging File | 70.70% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 384.52 Gb Free Space | 82.56% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.58 Gb Free Space | 96.05% Space Free | Partition Type: FAT32
Computer Name: GX520 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FIREWALLDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{192257C2-CBBD-4013-BD7B-9504611AF721}" = AVG 2011
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BB586E51-4876-4BB2-91EC-5CB3D0C38145}" = CardMinder V4.1
"{BF90863B-BF23-4293-89F0-19EF85E2B170}" = ScanSnap Organizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4441601-698B-4FB5-A749-DB5806B8021E}" = AVG 2011
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC08084A-3CB3-44C5-8D9B-04E2E299612A}" = ScanSnap
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB410000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap 4.1
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"AVG" = AVG 2011
"Browser Defender_is1" = Browser Defender 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rapport_msi" = Rapport
"SouthWare PDF Creator" = SouthWare PDF Creator
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"STANDARDR" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ OSession Events ]
Error - 3/5/2010 6:35:13 PM | Computer Name = GX520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 227
seconds with 120 seconds of active time. This session ended with a crash.
Error - 10/21/2011 4:03:31 PM | Computer Name = GX520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11484
seconds with 120 seconds of active time. This session ended with a crash.
Error - 2/16/2012 6:19:55 PM | Computer Name = GX520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27945
seconds with 960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/13/2012 11:21:25 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 4/13/2012 11:21:25 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Awecho service terminated with the following error: %%5
Error - 4/13/2012 11:22:28 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The SSFS0BB9 service terminated with the following error: %%5
Error - 4/13/2012 11:23:33 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 4/13/2012 11:24:22 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 4/13/2012 11:25:08 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 4/13/2012 11:27:18 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 4/13/2012 11:31:34 AM | Computer Name = GX520 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 4/13/2012 11:31:34 AM | Computer Name = GX520 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 4/13/2012 11:37:28 AM | Computer Name = GX520 | Source = Service Control Manager | ID = 7023
Description = The FreeTdi service terminated with the following error: %%5
< End of report >