Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winxp, ie8 and google trouble [Closed]

Started by Cabal18 , Aug 14 2012 02:56 AM

  • This topic is locked This topic is locked

#1
Cabal18
Posted 14 August 2012 - 02:56 AM

Cabal18

    New Member

  • Member
  • Pip
  • 2 posts
HI

short story: wife say microsoft icon gone i check and found it but wouldnt work
uninstall it and try reinstall wouldnt go i have avast temp install protect pc
then fun started the REdirecting of my ie8 and google and slugness of the pc and and web page
me think some thing crawl in from the cold and attack the pc i try some of your work BUT what it name
... Gooredfix and OTM frooze the pc other didnt work i trying OTL hear like a highjack .im going round web site for help using caches as i cant click on links this 1st web site that open good for me . avast not bad but it very touchy what web site i go on so i like my microsoft security program back and my web site stop jumping around and i thank you all in advance . here my OTL log only

OTL logfile created on: 14/08/2012 09:37:49 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Gordon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.74% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 92.98 Gb Free Space | 31.19% Space Free | Partition Type: NTFS

Computer Name: GORDON-478014EA | User Name: Gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 09:26:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gordon\My Documents\Downloads\OTL.exe
PRC - [2012/08/08 21:31:17 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/05 08:47:46 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/12 13:50:30 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2011/05/12 14:17:17 | 001,858,048 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/03 10:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 07:39:34 | 001,793,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081400\algo.dll
MOD - [2012/08/13 19:21:50 | 001,793,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12081301\algo.dll
MOD - [2012/08/08 21:31:16 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\ppgooglenaclpluginchrome.dll
MOD - [2012/08/08 21:31:14 | 012,235,800 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll
MOD - [2012/08/08 21:31:13 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\pdf.dll
MOD - [2012/08/08 21:29:56 | 000,526,872 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\libglesv2.dll
MOD - [2012/08/08 21:29:55 | 000,104,984 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\libegl.dll
MOD - [2012/08/08 21:29:44 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avutil-51.dll
MOD - [2012/08/08 21:29:43 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avformat-54.dll
MOD - [2012/08/08 21:29:42 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\avcodec-54.dll
MOD - [2012/06/14 10:45:37 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 14:57:56 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 14:57:38 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/12 06:23:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 06:23:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 15:06:27 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 08:39:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 08:33:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 08:33:29 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/06 19:01:48 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/05/24 22:58:28 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/06/13 13:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- -- (MsMpSvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/07/12 13:50:30 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2006/10/09 22:11:08 | 000,724,992 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe -- (NBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva399.sys -- (XDva399)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 17:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 17:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 07:54:50 | 000,075,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2011/07/13 13:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 13:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/07/12 13:50:32 | 002,805,744 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/07/06 11:16:08 | 004,137,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/25 05:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/04/25 11:31:12 | 001,174,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://entertainment.uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 07 7A 1E 64 49 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3198785
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/05/18 10:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\extensions
[2012/08/05 08:35:02 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/08/05 08:35:02 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/08/13 12:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/08/05 08:35:02 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/05/13 16:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (no name) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1325956823140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341579618734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C494290-9F06-4CEF-A701-7AD4D61796C8}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gordon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gordon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/20 13:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13a3b196-b553-11e1-8100-1c6f65dab4f9}\Shell - "" = AutoRun
O33 - MountPoints2\{13a3b196-b553-11e1-8100-1c6f65dab4f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{13a3b196-b553-11e1-8100-1c6f65dab4f9}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{44e5a10f-8f7f-11e1-80b0-1c6f65dab4f9}\Shell - "" = AutoRun
O33 - MountPoints2\{44e5a10f-8f7f-11e1-80b0-1c6f65dab4f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44e5a10f-8f7f-11e1-80b0-1c6f65dab4f9}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{5816f7d4-82fd-11e1-808c-000f53810451}\Shell - "" = AutoRun
O33 - MountPoints2\{5816f7d4-82fd-11e1-808c-000f53810451}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5816f7d4-82fd-11e1-808c-000f53810451}\Shell\AutoRun\command - "" = E:\install.exe
O33 - MountPoints2\{b009ec61-b0af-11e1-80fd-1c6f65dab4f9}\Shell - "" = AutoRun
O33 - MountPoints2\{b009ec61-b0af-11e1-80fd-1c6f65dab4f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b009ec61-b0af-11e1-80fd-1c6f65dab4f9}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{b73123b0-3f4a-11e1-bfd4-1c6f65dab4f9}\Shell - "" = AutoRun
O33 - MountPoints2\{b73123b0-3f4a-11e1-bfd4-1c6f65dab4f9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 09:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Desktop\GooredFix Backups
[2012/08/14 09:00:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/14 08:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\reg
[2012/08/14 08:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\ie and google web help
[2012/08/13 10:30:26 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/13 10:30:26 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/13 10:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2012/08/13 10:30:25 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/13 10:30:25 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/13 10:30:24 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/13 10:30:24 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/13 10:30:24 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/13 10:30:23 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/13 10:29:41 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/13 10:29:40 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/13 10:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/13 10:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/08/13 10:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\WhiteSmoke_US
[2012/08/13 07:56:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/13 07:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Temp
[2012/08/12 08:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\OpenCandy
[2012/08/12 07:53:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Gordon\Exploror
[2012/08/11 14:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/08/11 11:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2012/08/11 11:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\Babylon
[2012/08/11 11:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\YourFileDownloader
[2012/08/10 00:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Adobe
[2012/08/09 21:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\adbode cleaner win
[2012/08/09 21:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop Cs6
[2012/08/09 18:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Adobe Photoshop CS6
[2012/08/09 10:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\My Downloads
[2012/08/08 11:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\PackageAware
[2012/08/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AnvSoft
[2012/08/08 10:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2012/08/05 08:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Start Menu\Programs\Google Chrome
[2012/08/02 14:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/07/31 10:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\ATI
[2012/07/31 10:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\ATI
[2012/07/31 10:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2012/07/31 10:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/31 10:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Catalyst Control Center
[2012/07/31 10:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/31 10:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/30 12:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ImgBurn
[2012/07/30 11:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\ImgBurn
[2012/07/30 10:32:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gordon\My Documents\My Videos
[2012/07/30 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/07/28 18:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Photoshop work base
[2012/07/27 15:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
[2012/07/27 15:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/07/27 15:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/07/27 12:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Perfect Uninstaller
[2012/07/27 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\SoundBox
[2012/07/25 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Kit
[2012/07/23 20:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\SystemRequirementsLab
[2012/07/23 17:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Battlefield 2142
[2012/07/23 17:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Electronic Arts
[2012/07/23 17:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/07/23 13:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\Activision
[2012/07/23 12:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Application Data\Tunngle
[2012/07/23 12:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tunngle
[2012/07/23 12:43:52 | 000,027,136 | ---- | C] (Tunngle.net) -- C:\WINDOWS\System32\drivers\tap0901t.sys
[2012/07/23 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Activision
[2012/07/23 11:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\cod waw cheats
[2012/07/23 10:40:06 | 333,121,235 | ---- | C] (Activision ) -- C:\Documents and Settings\Gordon\My Documents\CoDWaW-1.0.1017-PatchSetup.exe
[2012/07/20 20:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Backup folder outlook
[2012/07/17 19:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\Local Settings\Application Data\GFInstaller
[2012/07/17 18:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2012/07/17 14:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gordon\My Documents\Battlefield 2
[2012/07/17 14:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EA GAMES
[2012/07/16 16:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MediaMonkey
[2012/07/16 16:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MediaMonkey
[2012/07/15 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero 7 Ultra Edition
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 09:53:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-842925246-1177238915-1004UA.job
[2012/08/14 09:05:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/14 09:05:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/08/14 09:05:01 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/08/14 09:04:59 | 003,476,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 09:03:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/14 08:53:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-842925246-1177238915-1004Core.job
[2012/08/14 07:48:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C701F98-E9EE-4870-A99C-98874B10859A}.job
[2012/08/14 02:00:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GORDON-478014EA-Gordon.job
[2012/08/14 01:59:17 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Google Chrome.lnk
[2012/08/14 01:59:17 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/13 21:18:05 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\World of Warcraft.lnk
[2012/08/13 20:39:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/13 14:54:34 | 000,002,039 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 14:54:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/13 10:30:27 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2012/08/13 10:30:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/13 10:20:33 | 000,370,336 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\avast-antivirusSetup.exe
[2012/08/13 09:17:34 | 000,147,585 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\BleepingComputer Discussion Forums.htm
[2012/08/12 08:02:05 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2012/08/11 18:35:33 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Glary Utilities.lnk
[2012/08/11 10:29:04 | 000,001,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.MVP
[2012/08/10 09:54:03 | 060,593,085 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\PHOTOSHOP CS6 FOR DUMMIES.pdf
[2012/08/10 09:14:04 | 020,083,063 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\photoshop_reference.pdf
[2012/08/09 22:09:01 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Adobe Photoshop CS6.lnk
[2012/08/09 11:04:15 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Internet Explorer Browser.lnk
[2012/08/08 16:49:50 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/08 11:50:26 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/08 10:49:05 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Any Video Converter.lnk
[2012/08/05 16:40:35 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Gordon\Application Data\default.rss
[2012/08/05 08:47:06 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/07/30 16:50:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\free shoot em up.rtf
[2012/07/27 15:49:14 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012/07/27 15:49:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero 9 StartSmart.lnk
[2012/07/27 12:16:25 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\Perfect Uninstaller.lnk
[2012/07/25 19:07:35 | 000,281,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/07/25 18:33:28 | 000,281,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/07/25 17:43:19 | 000,139,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/25 10:24:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2012/07/25 09:53:20 | 000,473,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/25 09:53:19 | 000,076,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/23 17:49:42 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Battlefield 2142.lnk
[2012/07/23 17:28:22 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\CoD-WaW-mp.lnk
[2012/07/23 16:40:50 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Gordon\Application Data\PnkBstrK.sys
[2012/07/23 16:40:30 | 000,682,280 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/07/23 12:46:40 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/07/23 11:04:22 | 333,121,235 | ---- | M] (Activision ) -- C:\Documents and Settings\Gordon\My Documents\CoDWaW-1.0.1017-PatchSetup.exe
[2012/07/22 15:46:34 | 000,071,994 | ---- | M] () -- C:\Documents and Settings\Gordon\My Documents\me and shaz.jpg
[2012/07/19 18:56:23 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Play BF2 Online Now!.lnk
[2012/07/16 16:05:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MediaMonkey.lnk
[2012/07/16 12:32:30 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Gordon\Desktop\TeamSpeak 3 Client.lnk
[2012/07/15 16:13:03 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\Gordon\default.pls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 20:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/13 10:30:27 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2012/08/13 10:30:24 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/13 10:20:31 | 000,370,336 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\avast-antivirusSetup.exe
[2012/08/13 09:17:34 | 000,147,585 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\BleepingComputer Discussion Forums.htm
[2012/08/12 08:02:05 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Winamp.lnk
[2012/08/11 14:23:12 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\runonce3.dll
[2012/08/11 11:16:31 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/08/10 11:51:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/10 09:44:11 | 060,593,085 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\PHOTOSHOP CS6 FOR DUMMIES.pdf
[2012/08/10 09:14:08 | 020,083,063 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\photoshop_reference.pdf
[2012/08/09 22:30:01 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GORDON-478014EA-Gordon.job
[2012/08/09 22:09:01 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\Adobe Photoshop CS6.lnk
[2012/08/09 21:47:36 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/08/09 21:45:36 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/08/09 21:42:47 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/08/09 21:42:26 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/08/08 10:49:05 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\Any Video Converter.lnk
[2012/08/05 08:47:29 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/05 08:45:37 | 000,002,299 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\Google Chrome.lnk
[2012/08/05 08:45:37 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/05 08:41:05 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-842925246-1177238915-1004UA.job
[2012/08/05 08:41:04 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-842925246-1177238915-1004Core.job
[2012/07/30 21:54:42 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\AccRestore.exe
[2012/07/30 16:50:53 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\free shoot em up.rtf
[2012/07/27 17:20:12 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\default.rss
[2012/07/27 15:49:14 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero 9 StartSmart.lnk
[2012/07/27 12:16:25 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\Perfect Uninstaller.lnk
[2012/07/27 12:09:07 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\WINSPOOL.WIN
[2012/07/23 17:49:42 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Battlefield 2142.lnk
[2012/07/23 17:28:22 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\CoD-WaW-mp.lnk
[2012/07/22 15:46:42 | 000,071,994 | ---- | C] () -- C:\Documents and Settings\Gordon\My Documents\me and shaz.jpg
[2012/07/19 18:55:28 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Play BF2 Online Now!.lnk
[2012/07/16 16:05:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MediaMonkey.lnk
[2012/07/16 12:32:30 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Gordon\Desktop\TeamSpeak 3 Client.lnk
[2012/07/15 22:47:43 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012/07/01 14:57:38 | 000,001,299 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2012/06/29 16:26:23 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/06/25 16:45:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/06/25 11:17:10 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2012/05/07 13:53:15 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\Gordon\Adobe Encore DVD_VUI.pref
[2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/04/26 16:08:55 | 000,139,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/04/26 16:08:48 | 000,281,808 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/04/26 16:08:35 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 07:57:05 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\PnkBstrK.sys
[2012/04/19 16:33:07 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2012/04/15 10:54:44 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\AutoGK.ini
[2012/04/01 11:49:13 | 000,000,677 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/03/30 13:15:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012/03/23 19:57:21 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Gordon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/15 14:43:02 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/02/15 06:50:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 14:01:06 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gordon\Application Data\Adobe GIF Format CS5 Prefs
[2012/01/23 19:14:50 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Gordon\default.pls
[2012/01/19 20:45:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/14 14:23:54 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/13 14:14:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/01/12 19:39:09 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2012/01/12 19:39:09 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2012/01/07 18:14:07 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/01/07 17:49:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/07 17:45:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/07 17:38:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/07 17:36:47 | 003,476,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 10:58:21 | 000,363,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1801674531-261478967-1606980848-1004-0.dat
[2011/10/12 10:58:20 | 000,192,818 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/22 17:58:28 | 001,321,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/08 03:59:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/07/08 03:59:54 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/05/13 16:01:54 | 000,233,765 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2012/08/13 10:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/08/11 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2012/04/10 13:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare
[2012/07/02 18:29:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/06/13 16:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2012/06/07 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
[2012/03/17 17:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\id Software
[2012/07/16 16:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MediaMonkey
[2012/04/18 04:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2012/03/15 14:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ralink Driver
[2012/08/09 21:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
[2012/01/13 14:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2012/07/05 16:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
[2012/07/23 12:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tunngle
[2012/05/31 14:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\.minecraft
[2012/01/17 13:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Acreon
[2012/07/02 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\AnvSoft
[2012/01/13 12:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Auslogics
[2012/08/11 11:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Babylon
[2012/06/22 12:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/22 10:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Comical
[2012/06/18 09:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\CompuClever
[2012/07/03 11:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\DAEMON Tools Lite
[2012/07/03 11:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\DAEMON Tools Pro
[2012/08/13 12:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\DVD Catalyst 4
[2012/07/31 13:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\ElevatedDiagnostics
[2012/03/09 14:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Foxit Software
[2012/07/05 17:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\GlarySoft
[2012/06/22 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Godlike
[2012/07/30 12:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\ImgBurn
[2012/06/13 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Leawo
[2012/08/08 17:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\MediaMonkey
[2012/01/13 14:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\MobMapUpdater
[2012/02/07 10:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\nswb
[2012/05/07 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\OnLive App
[2012/08/12 08:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\OpenCandy
[2012/04/25 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\PDAppFlex
[2012/04/15 12:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/23 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\SystemRequirementsLab
[2012/02/24 20:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\TeamViewer
[2012/06/13 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\tiger-k
[2012/06/13 16:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Toolbar4
[2012/04/26 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\TS3Client
[2012/07/23 12:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Tunngle
[2012/08/14 09:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\uTorrent
[2012/01/17 12:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Windows Live Writer
[2012/04/15 10:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\Xilisoft
[2012/08/11 11:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gordon\Application Data\YourFileDownloader
[2012/08/14 09:05:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/08/14 09:05:01 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/08/14 07:48:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C701F98-E9EE-4870-A99C-98874B10859A}.job
[2012/08/14 09:05:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\Your File Updater.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB17750$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
OTL Extras logfile created on: 14/08/2012 09:37:49 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Gordon\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.74% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 92.98 Gb Free Space | 31.19% Space Free | Partition Type: NTFS

Computer Name: GORDON-478014EA | User Name: Gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe Photoshop Cs6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Explore] -- C:\WINDOWS\explorer.exe "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:BF2142
"29900:TCP" = 29900:TCP:*:Enabled:BF2142
"29920:TCP" = 29920:TCP:*:Enabled:BF2142
"28910:TCP" = 28910:TCP:*:Enabled:BF2142
"4711:TCP" = 4711:TCP:*:Enabled:BF2142

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\YourFileDownloader\Downloader.exe" = C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590F4980-1C17-EF89-E0C8-1D5866385DD5}" = CCC Help English
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5ECA5B22-4073-8A6D-2E7E-8F4C39FC4309}" = Catalyst Control Center InstallProxy
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7234061E-3D70-2682-F47B-75A5D2F83685}" = Catalyst Control Center
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Active@ DVD Eraser v 1.1" = Active@ DVD Eraser v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.4.0
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cross Fire_is1" = Cross Fire En
"DVD Catalyst" = DVD Catalyst 4.0.2.3
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"Glary Utilities_is1" = Glary Utilities Pro 2.47.0.1539
"Guild Wars" = Guild Wars
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OpenAL" = OpenAL
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"Temp File Cleaner" = Temp File Cleaner
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2012 04:42:06 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1000
Description = Faulting application crossfire.exe, version 1.1.14.8, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 25/07/2012 04:54:26 | Computer Name = GORDON-478014EA | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/07/2012 13:59:56 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0000002a.

Error - 26/07/2012 10:37:41 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1000
Description = Faulting application crossfire.exe, version 1.1.14.8, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 27/07/2012 05:20:22 | Computer Name = GORDON-478014EA | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.1.3.27220, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/07/2012 06:01:48 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1000
Description = Faulting application lame.exe, version 0.0.0.0, faulting module lame.exe,
version 0.0.0.0, fault address 0x000554c6.

Error - 27/07/2012 06:01:56 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1001
Description = Fault bucket 147731105.

Error - 27/07/2012 07:13:27 | Computer Name = GORDON-478014EA | Source = Application Hang | ID = 1002
Description = Hanging application PU.exe, version 6.3.3.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/07/2012 11:15:22 | Computer Name = GORDON-478014EA | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 2.1.1116.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/07/2012 11:38:02 | Computer Name = GORDON-478014EA | Source = Application Error | ID = 1000
Description = Faulting application infotool.exe, version 6.4.12.100, faulting module
infotool.exe, version 6.4.12.100, fault address 0x00042e2c.

[ System Events ]
Error - 13/08/2012 07:45:08 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 13/08/2012 07:45:11 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 3 time(s).

Error - 13/08/2012 07:45:21 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 13/08/2012 19:36:56 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 14/08/2012 02:48:01 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 14/08/2012 02:48:01 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 14/08/2012 04:00:05 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 14/08/2012 04:00:07 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 14/08/2012 04:00:07 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The VIA Karaoke digital mixer Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 14/08/2012 04:00:07 | Computer Name = GORDON-478014EA | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

[ Windows PowerShell Events ]
Error - 16/01/2012 20:29:31 | Computer Name = GORDON-478014EA | Source = PowerShell | ID = 103
Description = Settings: Access to the path 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\Certificate.format.ps1xml'
is denied. Details: ExceptionClass=UnauthorizedAccessException ErrorCategory= ErrorId=
ErrorMessage=Access
to the path 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\Certificate.format.ps1xml'
is denied. Severity=Error SequenceNumber= HostName=Default MSH Host HostVersion=1.0.0.0
HostId=eec51002-1cdb-4bba-9fe6-9eb27b40fcdf
EngineVersion=1.0.0.0
RunspaceId=aac8fd6b-fe10-4c59-9d77-45af0a8fa5fc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

AdditionalInfo:
Name=;Value=
Name=;Value=
Name=;Value=

Error - 06/07/2012 09:23:52 | Computer Name = GORDON-478014EA | Source = PowerShell | ID = 103
Description = Settings: Access to the path 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\Certificate.format.ps1xml'
is denied. Details: ExceptionClass=UnauthorizedAccessException ErrorCategory= ErrorId=
ErrorMessage=Access
to the path 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\Certificate.format.ps1xml'
is denied. Severity=Error SequenceNumber= HostName=Default MSH Host HostVersion=1.0.0.0
HostId=42df9ac5-ed98-4c05-aac3-88b40cd8bf4f
EngineVersion=1.0.0.0
RunspaceId=2d9cf015-00d7-4f6f-ad43-f5412c86a033
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

AdditionalInfo:
Name=;Value=
Name=;Value=
Name=;Value=


< End of report >


Thanks
Cab

Edited by Cabal18, 14 August 2012 - 02:57 AM.

  • 0

Advertisements

#2
Essexboy
Posted 14 August 2012 - 11:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you are showing signs of a sirfef infection

Lets clear the toolbars first, then check out the infection

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
Essexboy
Posted 18 August 2012 - 07:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP