Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG detected Kryptic Malware

Started by Rawzmad , Mar 31 2011 11:46 AM

  • Please log in to reply

#1
Rawzmad
Posted 31 March 2011 - 11:46 AM

Rawzmad

    New Member

  • Member
  • Pip
  • 1 posts
This morning, AVG Internet Security detected a Malware and put it in quarantine
virus name: Win32/Kryptic.MDM
Path to file: %LOCAL SETTINGS\APPLICATION DATA\TMM.EXE

Since then, a "Open With" pop-up show everything I want to run a program. I frequently have the "Application not found" error and some other times it's "C:\WINDOWS\system32\rundll32.exe Application not found"

Here is my log:
OTL logfile created on: 2011-03-31 12:13:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 37.66 Gb Free Space | 50.56% Space Free | Partition Type: NTFS

Computer Name: DAIGNEAULT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-03-31 12:12:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011-03-25 12:17:46 | 003,984,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011-03-18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-01-07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011-01-07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011-01-06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010-12-05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010-12-05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010-11-22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010-10-22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010-10-22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2004-08-12 08:33:56 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2004-08-12 08:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-08-28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2011-03-31 12:12:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010-08-23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004-08-12 08:25:12 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2004-08-12 08:24:43 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2004-08-12 08:24:43 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2004-08-12 08:24:36 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2004-08-12 08:18:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2004-08-12 08:18:31 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [1998-06-12 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSSCRFR.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011-01-06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010-11-22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010-10-22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009-09-15 14:07:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003-08-28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [1998-06-06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2010-12-08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010-11-12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010-09-13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-09-07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010-09-07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010-08-19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010-08-19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-08-19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010-07-12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010-07-12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2007-06-18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006-05-10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-05-27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-01-31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004-06-24 18:29:04 | 000,747,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001-08-17 12:48:40 | 000,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011-03-30 08:30:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-24 16:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-24 16:22:17 | 000,000,000 | ---D | M]

[2011-03-31 11:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011-03-24 16:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-23 13:57:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011-03-30 08:30:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010-12-23 13:56:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-04-09 02:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-03-18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-12-23 13:56:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009-12-22 16:00:29 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (webCollect Toolbar Helper) - {926E3DBB-F9F0-4DA2-B3CA-F54DFDAD65D6} - C:\Program Files\webCollect toolbar\v3.2.0.0\webCollect_Toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
O3 - HKLM\..\Toolbar: (webCollect Toolbar) - {DF159BE7-E9BF-4252-88DA-33CCA235B48C} - C:\Program Files\webCollect toolbar\v3.2.0.0\webCollect_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.200.243.189 24.201.245.77
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-02-03 08:42:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-31 12:13:14 | 000,000,000 | ---D | C] -- C:\AVG10
[2011-03-31 12:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011-03-31 12:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011-03-31 11:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011-03-31 11:54:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011-03-31 11:50:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011-03-31 11:50:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011-03-31 11:50:23 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011-03-31 11:47:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011-03-31 11:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011-03-31 11:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011-03-31 11:02:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011-03-31 11:02:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011-03-31 11:02:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011-03-31 11:02:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011-03-31 11:02:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011-03-31 11:02:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011-03-31 11:02:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011-03-31 11:02:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011-03-31 11:02:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011-03-31 11:02:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011-03-31 11:02:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011-03-31 11:02:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011-03-31 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011-03-31 09:42:56 | 000,000,000 | ---D | C] -- C:\Adobe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-03-31 12:07:06 | 000,001,210 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fix2.reg
[2011-03-31 12:05:29 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-31 12:05:29 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-31 12:04:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-31 12:02:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-31 11:58:01 | 001,506,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-31 11:58:00 | 000,001,166 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-515967899-725345543-1003UA.job
[2011-03-31 11:53:14 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-31 11:53:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011-03-31 11:46:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-03-31 11:46:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-03-31 11:46:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-03-31 11:46:40 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011-03-31 11:44:02 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-03-31 11:43:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011-03-31 09:58:02 | 000,001,114 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-515967899-725345543-1003Core.job
[2011-03-31 09:29:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011-03-31 08:36:32 | 110,468,689 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011-03-31 08:16:16 | 000,001,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011-03-30 08:31:00 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011-03-26 08:25:27 | 000,648,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011-03-24 16:22:25 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011-03-22 09:44:31 | 000,007,287 | ---- | M] () -- C:\maillog_search
[2011-03-14 08:30:40 | 000,776,355 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011-03-09 14:16:59 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011-03-07 15:04:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-03-31 12:07:06 | 000,001,210 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fix2.reg
[2011-03-31 11:50:10 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011-03-31 11:49:01 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011-03-31 11:48:47 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011-03-31 11:48:46 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011-03-31 11:48:44 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011-03-31 11:48:34 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011-03-31 11:48:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011-03-31 11:48:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011-03-31 11:47:58 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011-03-31 11:29:16 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011-03-31 11:29:16 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011-03-31 11:29:16 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011-03-31 11:29:16 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011-03-31 11:29:15 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011-03-31 11:29:15 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011-03-31 11:29:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011-03-31 11:29:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011-03-31 11:29:15 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011-03-31 11:29:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011-03-31 11:29:15 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011-03-31 11:29:15 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011-03-31 11:29:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011-03-31 11:29:15 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011-03-31 11:29:15 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011-03-31 11:29:15 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011-03-31 11:29:15 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011-03-31 11:29:14 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011-03-31 11:02:21 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011-03-31 11:02:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011-03-31 08:16:16 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011-03-24 16:22:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011-03-22 09:44:29 | 000,007,287 | ---- | C] () -- C:\maillog_search
[2010-07-29 14:10:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010-07-29 13:50:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-06-25 11:00:00 | 000,000,295 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010-05-26 12:14:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-05-20 08:35:57 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010-05-20 08:35:47 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-08-27 14:49:41 | 000,000,071 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009-08-21 15:20:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-02-20 16:24:29 | 000,000,297 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009-02-18 09:47:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009-02-18 09:46:31 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009-02-18 09:46:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009-02-09 10:13:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-02-06 10:05:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009-02-03 14:21:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-02-03 11:13:06 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009-02-03 10:21:27 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-02-03 10:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-02-03 09:51:40 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009-02-03 09:51:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2009-02-03 08:44:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-02-03 08:39:11 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-02-03 01:42:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-02-03 01:41:08 | 001,506,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-08-15 07:48:00 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\kijuyb.dat
[2004-08-12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-12 08:27:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-08-12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-12 08:19:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-12 08:18:32 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 05:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 05:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998-06-11 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998-05-18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998-04-25 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== LOP Check ==========

[2010-12-15 09:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010-12-15 09:47:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009-03-31 17:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009-02-03 10:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010-12-15 09:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-03-09 14:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010-12-15 09:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D49B91E

< End of report >

OTL Extras logfile created on: 2011-03-31 12:13:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 37.66 Gb Free Space | 50.56% Space Free | Partition Type: NTFS

Computer Name: DAIGNEAULT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AceFTP 3 Freeware\Aceftp3free.exe" = C:\Program Files\AceFTP 3 Freeware\Aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{486CC64F-030A-4C9A-8716-87E26D28FKQ3REDUX}_is1" = King's Quest III Redux: To Heir is Human (1.0)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{707D2B5A-03CA-4632-A9D2-D484C6E9F3FE}" = Adobe Setup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A7A2EBB-3029-493A-8004-2FF7B3A7FF8A}" = Adobe Creative Suite 3 Web Standard
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_942" = Adobe Acrobat 9.4.2 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB557C20-AF8C-471E-AB56-0EBE5ECD007C}" = MySQL Workbench 5.1 OSS
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2bd2f2898f4adf51f1cbb829561bb29" = Add or Remove Adobe Creative Suite 3 Web Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"CA_VMN_antispyware" = CA VMN Anti-Spyware (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dungeon Keeper II" = Dungeon Keeper 2
"Grimmie Fear Screensaver" = Grimmie Fear Screensaver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Network Play System" = EA Network Play System
"Pdf995" = Pdf995
"QcDrv" = Logitech® Camera Driver
"uTorrent" = µTorrent
"Visual Studio 6.0 Édition Entreprise (fra)" = Microsoft Visual Studio 6.0 Édition Entreprise (Français)
"WebCEO70_is1" = Web CEO 8.1
"WebPost" = Assistant Publication de sites Web Microsoft 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-04-21 08:49:13 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:13 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:15 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:15 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:17 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:17 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:21 | Computer Name = DAIGNEAULT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 2010-04-21 08:49:21 | Computer Name = DAIGNEAULT | Source = Google Update | ID = 20
Description =

Error - 2010-04-27 10:17:36 | Computer Name = DAIGNEAULT | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 9.3.2.163, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2010-05-05 15:40:28 | Computer Name = DAIGNEAULT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, faulting module
unknown, version 0.0.0.0, fault address 0x0ae0c3d5.

[ System Events ]
Error - 2011-02-09 10:59:43 | Computer Name = DAIGNEAULT | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{50AA305E-64B1-43D6-B54A-A124377CA0A4}. The
backup browser is stopping.

Error - 2011-02-21 10:20:12 | Computer Name = DAIGNEAULT | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{50AA305E-64B1-43D6-B54A-A124377CA0A4}. The
backup browser is stopping.

Error - 2011-03-10 16:09:38 | Computer Name = DAIGNEAULT | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 2011-03-10 16:10:09 | Computer Name = DAIGNEAULT | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 2011-03-10 17:28:35 | Computer Name = DAIGNEAULT | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{50AA305E-64B1-43D6-B54A-A124377CA0A4}. The
backup browser is stopping.

Error - 2011-03-16 10:09:39 | Computer Name = DAIGNEAULT | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{50AA305E-64B1-43D6-B54A-A124377CA0A4}. The
backup browser is stopping.

Error - 2011-03-17 09:35:33 | Computer Name = DAIGNEAULT | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SERVERCOM2 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{50AA305E-64B1-43D. The master browser is stopping or an election is
being forced.

Error - 2011-03-31 12:46:28 | Computer Name = DAIGNEAULT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 2011-03-31 12:46:28 | Computer Name = DAIGNEAULT | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 2011-03-31 12:53:14 | Computer Name = DAIGNEAULT | Source = Setup | ID = 60055
Description = Windows Setup encountered non-fatal errors during installation. Please
check the setuperr.log found in your Windows directory for more informatio


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP