[paul_j_c2000]

Hi as you can tell i am here in desperation i have xp with service pack3 i used avg free as a virus protection and never had any trouble,yesterday evening i had a message come on the screen from avg it had detected a trojan after this the computer has turned of automatic updates from microsoft and the antivirus is not detected by the system,i know a little about computers but have come on here to start at the begining,i have used the otl program which i have pasted below it means nothing to me hopefully some of you experts can lead me in the right direction i have uninstalled avg and tried a couple of things on the microsoft site but nothing helps paul
OTL logfile created on: 22/06/2012 20:29:46 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Documents and Settings\KORKY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.12% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 29.15 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 231.91 Gb Free Space | 49.79% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 3.10 Gb Free Space | 0.33% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: KORKY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 20:28:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
PRC - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/08 11:38:14 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/08 11:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/12/19 14:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 07:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICKE.EXE
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/08/30 15:05:16 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/08/30 15:03:06 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/06/13 06:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2003/06/12 17:14:00 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Xerox One Touch\OneTouchMon.exe
PRC - [2002/12/20 17:06:24 | 000,321,024 | ---- | M] () -- C:\Program Files\Monitor Calibration Wizard\MCW.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:13:36 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:11:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:11:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 03:10:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/13 03:12:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:12:38 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/13 03:09:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:06:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:05:57 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2010/09/10 22:21:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/08/04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2007/01/31 20:55:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll
MOD - [2003/07/28 12:01:06 | 000,258,048 | ---- | M] () -- C:\Program Files\Xerox One Touch\OneTouchRes.dll
MOD - [2002/12/20 17:06:24 | 000,321,024 | ---- | M] () -- C:\Program Files\Monitor Calibration Wizard\MCW.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
SRV - [2012/06/13 22:31:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/08 11:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/06/22 12:18:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
DRV - [2010/09/11 03:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 03:18:24 | 000,551,424 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/07/21 11:39:32 | 000,576,896 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009/04/07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/01/14 17:03:26 | 000,050,176 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/03 05:03:08 | 001,333,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/26 12:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 07:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/24 12:13:00 | 000,463,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2001/08/17 15:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 15:05:04 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCA.sys -- (QCAbsee) Logitech QuickCam Web (0801)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\..\SearchScopes,DefaultScope = {2C5185E3-32AC-4060-B9D1-FA31DAADA16B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2C5185E3-32AC-4060-B9D1-FA31DAADA16B}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-21 22:16:41&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/26 20:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/06/28 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Extensions
[2008/06/28 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Extensions\[email protected]
[2012/06/13 22:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions
[2012/01/26 20:44:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/06/13 22:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions\staged
[2012/01/26 20:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.0.0.9\
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.7
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011/12/21 08:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 06:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/21 22:16:38 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 06:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 06:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 06:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Xerox One Touch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s /p File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\KORKY\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340313833187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340388366921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://69.69.158.131/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E050EF-17FB-40E0-83A9-30285D074288}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\KORKY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KORKY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell - "" = AutoRun
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e01680f0-44fd-11dd-8ea7-001478edacdc}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 20:28:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
[2012/06/22 19:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/06/22 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/06/22 19:25:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/22 18:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KORKY\Local Settings\Application Data\FixItCenter
[2012/06/22 18:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/06/22 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/06/21 22:44:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KORKY\Recent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/22 20:28:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
[2012/06/22 20:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 20:11:33 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\aureinstall.cmd
[2012/06/22 20:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 19:31:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 19:31:22 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/06/22 19:31:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-888769874-30782337-1796879566-1005.job
[2012/06/22 19:31:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 19:17:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/22 18:57:13 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/06/22 18:53:45 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/22 18:52:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-888769874-30782337-1796879566-1005.job
[2012/06/22 18:29:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5266095-AFAD-4E67-801C-E8D36F9B0311}.job
[2012/06/21 22:46:07 | 000,015,676 | ---- | M] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120621_224600.reg
[2012/06/21 21:55:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
[2012/06/21 21:52:10 | 000,065,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
[2012/06/21 20:47:17 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\dt.dat
[2012/06/21 05:58:39 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/19 18:40:04 | 000,564,193 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\me.jpg
[2012/06/15 21:34:22 | 000,078,584 | ---- | M] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120615_213400.reg
[2012/06/14 03:28:13 | 001,556,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:10:19 | 000,456,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:10:19 | 000,075,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 22:55:33 | 000,405,420 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\Sara Walton.pdf
[2012/06/13 22:55:33 | 000,280,480 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\Badger Visiting the Crem sett 7.5. 2011.pdf
[2012/06/12 02:12:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/07 06:37:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 20:11:33 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\aureinstall.cmd
[2012/06/22 19:17:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/22 18:57:13 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/06/22 18:57:12 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/06/22 18:53:45 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/06/22 18:53:45 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/21 22:46:01 | 000,015,676 | ---- | C] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120621_224600.reg
[2012/06/21 21:55:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
[2012/06/21 21:52:10 | 000,065,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
[2012/06/21 20:47:17 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\dt.dat
[2012/06/19 18:40:04 | 000,564,193 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\me.jpg
[2012/06/15 21:34:11 | 000,078,584 | ---- | C] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120615_213400.reg
[2012/06/13 22:55:33 | 000,405,420 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\Sara Walton.pdf
[2012/06/13 22:55:33 | 000,280,480 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\Badger Visiting the Crem sett 7.5. 2011.pdf
[2012/02/14 23:38:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/20 21:43:46 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVSound2.sys
[2011/12/20 21:43:35 | 000,351,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCodek2.sys
[2011/12/20 21:43:35 | 000,048,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCam2.sys
[2011/12/20 21:43:32 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCA.sys
[2011/06/05 15:53:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\MFCKINF.dll
[2011/06/05 15:53:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MFCKSYS.dll
[2011/06/05 13:36:46 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/25 20:11:44 | 000,653,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAPin.sys
[2011/05/25 20:11:44 | 000,243,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkACamd.sys
[2011/05/25 20:11:44 | 000,242,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAMini.sys
[2011/05/25 20:11:44 | 000,018,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkASam.sys
[2011/05/25 20:11:44 | 000,004,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkScan.sys
[2011/05/25 20:11:43 | 010,479,603 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAPipe.sys
[2010/11/15 20:26:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/15 20:26:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/11/15 20:26:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/11/15 20:26:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/15 19:17:49 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/14 10:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/21 14:09:23 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\KORKY\addresss.csv
[2009/09/20 10:10:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\KORKY\Application Data\$_hpcst$.hpc
[2008/06/22 11:56:44 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 22:26:48 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\KORKY\default.pls

========== LOP Check ==========

[2012/06/22 19:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/06/21 22:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/15 22:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/15 22:11:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/06/12 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/06/22 19:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/02 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/05 13:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovoSun Technology
[2011/06/05 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NsCodecPack
[2009/09/20 10:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/14 17:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/25 19:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/05/02 16:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/28 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/09/26 14:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Amazon
[2008/07/28 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Anthropics
[2012/04/15 09:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/08/29 16:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\calibre
[2009/05/11 14:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\dBpoweramp
[2010/03/03 21:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Digiarty
[2012/06/22 18:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\ElevatedDiagnostics
[2008/06/10 20:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Leadertech
[2011/09/26 19:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Mobile Atlas Creator
[2009/02/02 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\NCH Swift Sound
[2009/09/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\PC Suite
[2010/06/21 19:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Publish Providers
[2010/10/14 19:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Samsung
[2010/07/25 19:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Sony
[2008/06/12 21:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Teleca
[2008/06/28 12:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\TomTom
[2012/06/21 22:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\uTorrent
[2010/02/21 13:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Windows Desktop Search
[2010/02/21 14:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Windows Search
[2012/06/22 19:31:22 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/06/22 18:57:13 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2011/06/05 16:06:23 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2012/06/22 18:29:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D5266095-AFAD-4E67-801C-E8D36F9B0311}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\KORKY\addresss.csv:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91E29860

< End of report >
This was a file called extras
OTL Extras logfile created on: 22/06/2012 20:29:47 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Documents and Settings\KORKY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.12% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 29.15 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 231.91 Gb Free Space | 49.79% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 3.10 Gb Free Space | 0.33% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: KORKY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server
"1935:TCP" = 1935:TCP:*:Enabled:BroadCam Video Streaming Server Flash Video Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\TomTom HOME\TomTomHOME.exe" = C:\Program Files\TomTom HOME\TomTomHOME.exe:*:Enabled:TomTom HOME
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04F67CE9-C706-7C07-B882-4790D01C5A76}" = Catalyst Control Center Graphics Previews Common
"{06EA3E02-385D-1063-5000-B8B8D034AA0F}" = CCC Help French
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1443D238-5831-901C-0555-6C85F57A0507}" = CCC Help Hungarian
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1651CEB0-0F44-C18E-D648-6F1EBE53D534}" = CCC Help Chinese Standard
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1917C96C-7106-7498-A5F4-4F9C01B541D8}" = Catalyst Control Center Localization Chinese Standard
"{1B055E0C-92E2-B598-3DF6-7057FDE601A8}" = CCC Help Portuguese
"{1D0111DC-09D9-43EC-A871-4C130387E328}" = Cyber Shredder
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{21BF1E81-C052-4312-51FE-D2EA8A59312A}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D00C668-B4CA-BD2B-B44E-77D241097649}" = CCC Help Spanish
"{2ED53A54-331C-F2E4-D658-004048D4B2CD}" = CCC Help Danish
"{30B1CCDB-209B-4E94-8311-379F2E6B6B59}" = RAW FILE CONVERTER EX powered by SILKYPIX
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon Camera WIA Driver
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{390AFF44-EB45-8D07-AF3A-EE43DAAA1816}" = Catalyst Control Center Localization Polish
"{399ED60D-CA02-1C5B-F545-4877E17D05D5}" = Catalyst Control Center Localization Korean
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3F0B6637-A832-DF4D-940B-984CAC9B4ABD}" = Catalyst Control Center Localization Spanish
"{3F95E61A-7983-7E3E-35B6-197107DC3A88}" = Catalyst Control Center Localization Portuguese
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{447209A8-BEF5-617D-B8B5-AB4147D68CC1}" = Catalyst Control Center Graphics Previews Common
"{47AC9FA7-0E52-0437-FB3C-B41E1C77BF30}" = Catalyst Control Center Localization Thai
"{48670B08-BE5C-2712-53E7-5070FE6CE01B}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1A30C8-1D62-43DE-8DFB-BDE4D7373462}" = CCC Help English
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53827E49-D154-1D5E-CE69-CBBB2609097E}" = CCC Help Czech
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B22297-6830-DD97-B290-133020A298A7}" = CCC Help Russian
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{59B41319-3551-CE7E-696B-331490645E1E}" = CCC Help German
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E3CB60D-627B-3B5C-2173-3EAB3397C9A1}" = Catalyst Control Center InstallProxy
"{6267188C-B18D-9319-0F12-29407A752CB2}" = Catalyst Control Center Localization Hungarian
"{651D7652-9070-4B67-94C0-C5CA8CA4CEDD}" = ArcSoft ShowBiz DVD 2
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6558C377-0537-4BBF-8091-159DC5C8636B}" = Cam Wizard
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A2944C2-F7D9-71C9-1A69-C3134900209C}" = CCC Help Italian
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B14FCEE-A1D6-4CF3-B6EF-C0DDA98F978C}" = Genuine Fractals PrintPro
"{6CB91B76-656E-63D1-D1ED-EF62F9584FA6}" = CCC Help Norwegian
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E398E30-FDED-F9CA-7D8A-1BA1E1655EA8}" = Catalyst Control Center Localization Swedish
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD5DDE5-EEFA-064D-5F11-F6498671FBD0}" = CCC Help Thai
"{7CA635DA-8907-30BA-770E-7EA6380E6A51}" = Catalyst Control Center Localization French
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F20DEBE-2A40-E3AB-8E02-37A4D894934B}" = CCC Help Greek
"{7F399E16-A015-D2E8-392B-6F3CFE028A5A}" = Catalyst Control Center Localization Italian
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{813E070D-DFD8-41AF-C04A-4AB42EF2BC37}" = CCC Help Korean
"{8279BD5B-F4B7-3B75-95F5-F1D2BB219C7F}" = ccc-utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CF4922-D21F-3D1A-A39B-32DC7F2114EE}" = CCC Help Japanese
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B2C00FE-89DB-8448-B885-20BDACB561F7}" = Catalyst Control Center Localization Dutch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98B5CDA5-2006-8BA2-1B3B-C79C2BD5CD77}" = Catalyst Control Center Localization German
"{9C5A3504-F4FB-E121-54C5-AC705530014B}" = Catalyst Control Center Localization Japanese
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E0E5CDC-8B74-79D9-2B7D-666711FFDBC6}" = Catalyst Control Center Localization Greek
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4AD7AB1-E5E3-1EC3-BAC9-E7C3F7689463}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B123EBD8-89B7-4834-B06D-F758815E1033}" = Nero 7 Premium
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FB6B55-C271-44FC-BA03-BBD8B2EA6EEF}" = Memory-Map OS Edition Version 5
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B671ED20-784D-94BF-BAC5-03ADFD0280D4}" = CCC Help Dutch
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B83DF4BD-7E55-B78E-4376-04F680DCCD01}" = CCC Help Finnish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD88DFA7-48F2-C026-7EE3-6BDE64DBAB74}" = Catalyst Control Center Localization Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5A56577-49B4-331E-55DC-7143AFFAD108}" = ATI Catalyst Install Manager
"{C844EDCE-9692-3732-6F8C-01F33D3C533C}" = Catalyst Control Center Localization Russian
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9C09AB3-D998-146E-C83C-54A93461AD32}" = CCC Help Turkish
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DFE65E07-C285-50BF-7EBE-5B12B78427B4}" = ccc-core-preinstall
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{EB96C189-65BE-265C-A8A6-B8CD6E00F054}" = CCC Help Swedish
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F12B55DE-186C-42CA-E9B4-9FA7B786D023}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3DA11EF-1E84-FE18-9C0E-176CA396312A}" = Catalyst Control Center Localization Norwegian
"{F4731524-D4E9-2CCD-4471-5ABE373C3691}" = CCC Help English
"{FE22CBDD-AB6E-9EE4-45AD-EB7A4F2D30C3}" = Catalyst Control Center Localization Finnish
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"1489-3350-5074-6281" = JDownloader 0.9
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Real Audio (Helix) Encoder" = dBpoweramp Real Audio (Helix) Encoder
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Debut" = Debut Video Capture Software
"Digital Editions" = Adobe Digital Editions
"EasyGPS_is1" = EasyGPS 3.82
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus Photo R285_290 User’s Guide" = EPSON Stylus Photo R285_290 Manual
"FBReader for Windows" = FBReader for Windows
"Focus Magic" = Focus Magic
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}" = RAW FILE CONVERTER EX powered by SILKYPIX
"InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}" = Canon EOS-1D Mark II N WIA Driver
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiViewer Ver 2.0_is1" = MultiViewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"TomTom HOME" = TomTom HOME 2.6.2.1586
"TVEpaDrv" = Click and Convert Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox One Touch" = Xerox One Touch

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/05/2012 07:06:51 | Computer Name = PAUL | Source = ESENT | ID = 439
Description = SearchIndexer (1180) Unable to write a shadowed header for file C:\Documents
and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk.
Error -1032.

Error - 01/06/2012 07:05:48 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:05:59 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:06:09 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:07:03 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:07:19 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:08:10 | Computer Name = PAUL | Source = ESENT | ID = 490
Description = SearchIndexer (640) An attempt to open the file "C:\Documents and
Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 01/06/2012 07:08:10 | Computer Name = PAUL | Source = ESENT | ID = 439
Description = SearchIndexer (640) Unable to write a shadowed header for file C:\Documents
and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk.
Error -1032.

Error - 15/06/2012 17:32:39 | Computer Name = PAUL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 15/06/2012 17:32:39 | Computer Name = PAUL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ OSession Events ]
Error - 26/08/2008 15:26:44 | Computer Name = PAUL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 67
seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/11/2009 02:07:48 | Computer Name = PAUL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/06/2012 17:19:29 | Computer Name = PAUL | Source = sr | ID = 1
Description =

Error - 21/06/2012 17:53:22 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 22/06/2012 13:23:36 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 22/06/2012 13:57:16 | Computer Name = PAUL | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 22/06/2012 14:19:23 | Computer Name = PAUL | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Send To OneNote 2007 share
name Printer.

Error - 22/06/2012 14:19:23 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 22/06/2012 14:27:39 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 22/06/2012 14:31:10 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 22/06/2012 14:31:15 | Computer Name = PAUL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001478EDACDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 22/06/2012 15:14:11 | Computer Name = PAUL | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.


< End of report >

[Advertisements]

Hi you are the second person I have seen with this and it is something new.. So at the end I would be obliged if you could zip some files for me to look at

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
  DRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
  [2012/06/22 18:57:13 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
  [2012/06/21 21:55:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
  [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
  [2012/06/21 20:47:17 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\dt.dat
  [2012/06/22 18:57:13 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
  [2012/06/22 18:57:12 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
• Allow the recovery console to install
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[Essexboy]

Hi you are the second person I have seen with this and it is something new.. So at the end I would be obliged if you could zip some files for me to look at

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
  DRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
  [2012/06/22 18:57:13 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
  [2012/06/21 21:55:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
  [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
  [2012/06/21 20:47:17 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\dt.dat
  [2012/06/22 18:57:13 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
  [2012/06/22 18:57:12 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
• Allow the recovery console to install
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[paul_j_c2000]

First of all i would like to thank you for trying to solve my problems this is pretty scary stuff so if i have sent something wrong please advice me i wont be offended this is the log
OTL logfile created on: 23/06/2012 12:47:27 - Run 2
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Documents and Settings\KORKY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.27% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 29.63 Gb Free Space | 19.89% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 231.92 Gb Free Space | 49.79% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 3.10 Gb Free Space | 0.33% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: KORKY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 20:28:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
PRC - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/08 11:38:14 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/08 11:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/12/19 14:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/08/30 15:05:16 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/08/30 15:03:06 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/06/13 06:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2003/06/12 17:14:00 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Xerox One Touch\OneTouchMon.exe
PRC - [2002/12/20 17:06:24 | 000,321,024 | ---- | M] () -- C:\Program Files\Monitor Calibration Wizard\MCW.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:13:36 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:11:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:11:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 03:10:02 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/13 03:12:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:12:38 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/13 03:09:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:06:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:05:57 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/03/26 20:47:33 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/09/10 22:21:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/08/04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2007/01/31 20:55:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll
MOD - [2003/07/28 12:01:06 | 000,258,048 | ---- | M] () -- C:\Program Files\Xerox One Touch\OneTouchRes.dll
MOD - [2002/12/20 17:06:24 | 000,321,024 | ---- | M] () -- C:\Program Files\Monitor Calibration Wizard\MCW.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
SRV - [2012/06/13 22:31:21 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/29 23:25:28 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/08 11:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/06/22 12:18:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/21 21:52:10 | 000,065,792 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys -- (e2e86b473d493809)
DRV - [2010/09/11 03:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 03:18:24 | 000,551,424 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/07/21 11:39:32 | 000,576,896 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009/04/07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/01/14 17:03:26 | 000,050,176 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/03 05:03:08 | 001,333,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/03/26 12:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 07:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/24 12:13:00 | 000,463,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2001/08/17 15:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 15:05:04 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCA.sys -- (QCAbsee) Logitech QuickCam Web (0801)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\..\SearchScopes,DefaultScope = {2C5185E3-32AC-4060-B9D1-FA31DAADA16B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2C5185E3-32AC-4060-B9D1-FA31DAADA16B}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-21 22:16:41&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/26 20:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/06/28 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Extensions
[2008/06/28 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Extensions\[email protected]
[2012/06/13 22:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions
[2012/01/26 20:44:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/06/13 22:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\extensions\staged
[2012/01/26 20:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.0.0.9\
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.7
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011/12/21 08:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 06:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/21 22:16:38 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 06:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 06:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 06:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\KORKY\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/23 12:37:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Xerox One Touch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R285 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s /p File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\KORKY\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340313833187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340388366921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://69.69.158.131/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E050EF-17FB-40E0-83A9-30285D074288}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\KORKY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KORKY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell - "" = AutoRun
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{032a4916-e1f7-11df-a2b6-001478edacdc}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e01680f0-44fd-11dd-8ea7-001478edacdc}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6ed1061-cf82-11de-8c84-001478edacdc}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 12:37:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/22 20:28:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
[2012/06/22 19:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/06/22 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/06/22 19:25:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/22 18:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KORKY\Local Settings\Application Data\FixItCenter
[2012/06/22 18:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/06/22 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/06/21 22:44:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KORKY\Recent

========== Files - Modified Within 30 Days ==========

[2012/06/23 12:40:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 12:40:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-888769874-30782337-1796879566-1005.job
[2012/06/23 12:40:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/23 12:37:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/23 12:29:40 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/22 23:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 23:15:28 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/22 23:08:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 23:04:55 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 20:45:46 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D5266095-AFAD-4E67-801C-E8D36F9B0311}.job
[2012/06/22 20:28:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KORKY\Desktop\OTL.exe
[2012/06/22 20:11:33 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\aureinstall.cmd
[2012/06/22 19:17:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/22 18:53:45 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/22 18:52:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-888769874-30782337-1796879566-1005.job
[2012/06/21 22:46:07 | 000,015,676 | ---- | M] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120621_224600.reg
[2012/06/21 21:55:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
[2012/06/21 21:52:10 | 000,065,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
[2012/06/19 18:40:04 | 000,564,193 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\me.jpg
[2012/06/15 21:34:22 | 000,078,584 | ---- | M] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120615_213400.reg
[2012/06/14 03:28:13 | 001,556,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:10:19 | 000,456,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 03:10:19 | 000,075,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 22:55:33 | 000,405,420 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\Sara Walton.pdf
[2012/06/13 22:55:33 | 000,280,480 | ---- | M] () -- C:\Documents and Settings\KORKY\Desktop\Badger Visiting the Crem sett 7.5. 2011.pdf
[2012/06/12 02:12:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/07 06:37:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2012/06/22 23:15:28 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/22 23:05:55 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/22 20:11:33 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\aureinstall.cmd
[2012/06/22 19:17:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/22 18:53:45 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/06/22 18:53:45 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/21 22:46:01 | 000,015,676 | ---- | C] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120621_224600.reg
[2012/06/21 21:55:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\439CA7.SYS
[2012/06/21 21:52:10 | 000,065,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\e2e86b473d493809.sys
[2012/06/19 18:40:04 | 000,564,193 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\me.jpg
[2012/06/15 21:34:11 | 000,078,584 | ---- | C] () -- C:\Documents and Settings\KORKY\My Documents\cc_20120615_213400.reg
[2012/06/13 22:55:33 | 000,405,420 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\Sara Walton.pdf
[2012/06/13 22:55:33 | 000,280,480 | ---- | C] () -- C:\Documents and Settings\KORKY\Desktop\Badger Visiting the Crem sett 7.5. 2011.pdf
[2012/02/14 23:38:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/20 21:43:46 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVSound2.sys
[2011/12/20 21:43:35 | 000,351,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCodek2.sys
[2011/12/20 21:43:35 | 000,048,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCam2.sys
[2011/12/20 21:43:32 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\OVCA.sys
[2011/06/05 15:53:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\MFCKINF.dll
[2011/06/05 15:53:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MFCKSYS.dll
[2011/06/05 13:36:46 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/25 20:11:44 | 000,653,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAPin.sys
[2011/05/25 20:11:44 | 000,243,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkACamd.sys
[2011/05/25 20:11:44 | 000,242,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAMini.sys
[2011/05/25 20:11:44 | 000,018,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkASam.sys
[2011/05/25 20:11:44 | 000,004,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkScan.sys
[2011/05/25 20:11:43 | 010,479,603 | ---- | C] () -- C:\WINDOWS\System32\drivers\StkAPipe.sys
[2010/11/15 20:26:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/11/15 20:26:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/11/15 20:26:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/11/15 20:26:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/11/15 19:17:49 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/11/14 10:59:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/21 14:09:23 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\KORKY\addresss.csv
[2009/09/20 10:10:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\KORKY\Application Data\$_hpcst$.hpc
[2008/06/22 11:56:44 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\KORKY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 22:26:48 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\KORKY\default.pls

========== LOP Check ==========

[2012/06/22 19:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/06/21 22:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/15 22:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/15 22:11:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/06/12 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/06/22 19:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/02/02 20:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/05 13:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovoSun Technology
[2011/06/05 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NsCodecPack
[2009/09/20 10:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/14 17:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/25 19:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/05/02 16:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/28 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/09/26 14:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Amazon
[2008/07/28 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Anthropics
[2012/04/15 09:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/08/29 16:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\calibre
[2009/05/11 14:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\dBpoweramp
[2010/03/03 21:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Digiarty
[2012/06/22 18:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\ElevatedDiagnostics
[2008/06/10 20:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Leadertech
[2011/09/26 19:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Mobile Atlas Creator
[2009/02/02 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\NCH Swift Sound
[2009/09/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\PC Suite
[2010/06/21 19:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Publish Providers
[2010/10/14 19:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Samsung
[2010/07/25 19:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Sony
[2008/06/12 21:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Teleca
[2008/06/28 12:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\TomTom
[2012/06/21 22:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\uTorrent
[2010/02/21 13:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Windows Desktop Search
[2010/02/21 14:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KORKY\Application Data\Windows Search
[2011/06/05 16:06:23 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2012/06/22 20:45:46 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D5266095-AFAD-4E67-801C-E8D36F9B0311}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\KORKY\addresss.csv:SummaryInformation
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91E29860

< End of report >

[Essexboy]

Hmm it did not want to go - lets see if Combofix shifts it

[paul_j_c2000]

hi i am trying compofix it has done scans then i had a message that it was shutting the computer down and to not reboot it yourself but it is just sitting there with the logging of screen?

[Essexboy]

How long has it been there, as it will need to prepare the log

[paul_j_c2000]

ComboFix 12-06-23.05 - KORKY 23/06/2012 13:17:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1636 [GMT 1:00]
Running from: c:\documents and settings\KORKY\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\KORKY\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\02d5e06884db2666.fb
c:\windows\system32\Cache\08caa3d60a904329.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\59099ed4cac37d00.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\bc8f32ff8fd099d1.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d9bf8efe19d949cb.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\e2e86b473d493809.sys
.
Infected copy of c:\windows\system32\Drivers\Volsnap.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\volsnap.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Legacy_e2e86b473d493809
-------\Service_e2e86b473d493809
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 11:37 . 2012-06-23 11:37 -------- d-----w- C:\_OTL
2012-06-22 22:09 . 2012-02-23 09:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-22 18:26 . 2012-06-22 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-06-22 17:58 . 2012-06-22 17:58 -------- d-----w- c:\documents and settings\KORKY\Local Settings\Application Data\FixItCenter
2012-06-22 17:53 . 2012-06-22 18:25 -------- d-----w- c:\windows\MATS
2012-06-22 17:53 . 2012-06-22 18:25 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-06-21 20:55 . 2012-06-21 20:55 0 ----a-w- c:\windows\system32\drivers\439CA7.SYS
2012-06-14 00:34 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 21:31 . 2012-03-30 13:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 21:31 . 2011-06-02 18:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 16:35 . 2008-06-09 15:03 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 16:35 . 2008-07-18 21:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19 . 2007-07-30 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2008-06-09 15:03 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2008-06-09 15:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2008-06-09 15:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2008-06-09 15:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2007-07-30 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2008-06-09 15:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2008-06-09 15:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-06-09 15:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2011-12-21 07:42 . 2012-01-26 19:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"MCW Startup"="c:\program files\Monitor Calibration Wizard\MCW.exe" [2002-12-20 321024]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864]
"OneTouch Monitor"="c:\program files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-10 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\KORKY\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-11 333088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [22/11/2009 18:18 6097]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [29/04/2012 23:25 932736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/09/2009 09:09 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:21 257224]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [09/06/2008 16:19 38656]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [08/02/2009 11:52 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/09/2009 09:09 133104]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [20/12/2011 21:43 25088]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [22/06/2008 11:28 11520]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [22/11/2009 18:18 299923]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:31]
.
2012-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-05 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-06-05 14:08]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 08:09]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 08:09]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{D5266095-AFAD-4E67-801C-E8D36F9B0311}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.69.158.131/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\KORKY\Application Data\Mozilla\Firefox\Profiles\nnckgvff.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 13:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\StkASv2K.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-06-23 13:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 12:39
.
Pre-Run: 31,705,071,616 bytes free
Post-Run: 31,696,945,152 bytes free
.
- - End Of File - - C2B1B28EB83EF89D7851FA332DF6C16D
This is what i have it took longer than i though i am now just getting a security alert for no antivirus i removed it before i started all this,what antivirus shall i put the avg free back on?paul

[paul_j_c2000]

what does it mean i have no recovery console ?

[Essexboy]

You are still showing as having AVG onboard... Reinstall AVG if you are happy with it

When combofix started did it offer to download the recovery console, and did you accept or deny that ?

How is the system behaving now ?

[paul_j_c2000]

Hi thanks for sticking with me yes i was asked about the recovery console but as i was unsure i left it? i have now managed to put avg back on and it appears to be working ok,the windows security centre warnings about no antivirus and no windows updates has gone.i only wished i understood what you did i am very impressed and will make a donation by paypal to the link to the fight against malware ,i have to say this is the best site i have been on in a long time really glad i found it and shall pass it around if there is anything else on this site you think might help a novice like me any input would be gratefully received,if i keep the combofix program on my desktop would it be of use to me in the future?

[Essexboy]

No combofix is updated very regularly so it really needs to be downloaded when required

Could you zip the following file for me and attach it to the next post

C:\Qoobox\Quarantine\c:\windows\system32\drivers\e2e86b473d493809.sys

I will delete it from your post once I have grabbed it

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [CLEARALLRESTOREPOINTS]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

• Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
• In the Run box, type in ComboFix /Uninstall
  (Notice the space between the "x" and "/")
  then click OK
  
  
  
• Follow the prompts on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe

[paul_j_c2000]

hope i have done this right

[paul_j_c2000]

have i attached it i cant see anything ?

[Essexboy]

Nope it does not appear

At the bottom of the post select Browse
Once the Zip file is located select Attach
Then post [attachment=58562:Capture.JPG]

[paul_j_c2000]

Hi think i have it right this time sorry