AntiVirus 8 (usual fixes don't seem to work)

View previous topic View next topic Go down

AntiVirus 8 (usual fixes don't seem to work)

Post by TomHewson on Sun 24 Oct 2010, 9:48 pm

Hello

Alas I confess to being infected with AV8.

Steps Taken
1. Removed malware manually via registry/file structure as per internet instructions = Windows 7 black screen of death
2. Fixed black screen via task manager and access to regedit
3. Downloaded Spyhunter (paid version) and ran
4. Downloaded Exterminate it and ran
5. Downloaded Malwarebytes anti-malware and ran
(accessed via google for some reason it doesn't block google.com) (all with latest updates)

Yet.... still browser high jacked with "ATTENTION you web page request has been cancelled" and a redirect to [You must be registered and logged in to see this link.]

Also AVG keeps giving a "Trojen horse FakeAlert.UD" error

I have a feeling that this is a VERY NEW version and is out ahead of the fixes... thoughts?

Andway here is the OTL info THANK YOU in advance (8hrs already spent on this)

OTL logfile created on: 24/10/2010 11:26:14 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Marion Hewson\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 197.82 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive D: | 1.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MARION_LAPTOP | User Name: Marion Hewson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 11:24:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marion Hewson\Downloads\OTL.com
PRC - [2010/10/14 00:42:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Marion Hewson\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/05 11:23:40 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/21 06:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Marion Hewson\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/21 09:13:29 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 16:37:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 16:37:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 16:36:55 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 16:36:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/18 00:30:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/11 05:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

OTL Extras logfile created on: 24/10/2010 11:26:14 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Marion Hewson\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 197.82 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive D: | 1.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MARION_LAPTOP | User Name: Marion Hewson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Marion Hewson] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

Re: AntiVirus 8 (usual fixes don't seem to work)

Post by Sneakyone on Mon 25 Oct 2010, 12:03 am

Hi, Welcome to GeekPolice.net!

Yours logs are cut off, could you please split them into multiple posts?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: AntiVirus 8 (usual fixes don't seem to work)

Post by TomHewson on Mon 25 Oct 2010, 1:36 am

Extra's Log


OTL Extras logfile created on: 24/10/2010 11:26:14 - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Marion Hewson\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 197.82 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive D: | 1.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MARION_LAPTOP | User Name: Marion Hewson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML.Marion Hewson] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9EFA7323-47A0-48E2-8F77-35DB5EED500A}" = SpyHunter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban(TM)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Exterminate It!" = Exterminate It!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KS2 Maths National Tests_is1" = KS2 Maths National Tests
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2008b" = Microsoft Money Plus
"MyPublisher" = MyPublisher
"Sage Accounts 8.20" = Sage Accounts 8.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

OTL PT1 (I can't seem to upload together)

Post by TomHewson on Mon 25 Oct 2010, 1:55 am

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 197.82 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive D: | 1.02 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MARION_LAPTOP | User Name: Marion Hewson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 11:24:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marion Hewson\Downloads\OTL.com
PRC - [2010/10/14 00:42:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Marion Hewson\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/10/05 11:23:40 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/21 06:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Marion Hewson\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/21 09:13:29 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 16:37:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 16:37:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 16:36:55 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 16:36:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/18 00:30:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/11 05:17:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 11:24:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marion Hewson\Downloads\OTL.com
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 09:13:29 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 16:37:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/03 10:58:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/07/16 16:38:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 16:36:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:16:10 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/12/19 10:11:38 | 000,249,888 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/14 20:34:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RegistryQuick.exe] C:\Program Files\RegQuick\RegistryQuick.exe File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\4.0; File not found
O4 - Startup: C:\Users\Marion Hewson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\USA Trip\Highlights\IMG_0152.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\USA Trip\Highlights\IMG_0152.JPG
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/17 09:07:36 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005/07/20 07:00:30 | 000,000,057 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{618bf931-bce7-11de-ae5f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{618bf931-bce7-11de-ae5f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun\AutoRun.exe -- [2006/12/21 20:25:25 | 000,046,640 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

OTL Pt2 (I can't seem to upload together)

Post by TomHewson on Mon 25 Oct 2010, 1:57 am


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\Windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 10:17:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/24 00:00:04 | 000,000,000 | ---D | C] -- C:\Users\Marion Hewson\AppData\Roaming\Malwarebytes
[2010/10/23 23:45:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/23 23:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/23 23:45:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/23 23:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2010/10/23 23:21:50 | 000,000,000 | ---D | C] -- C:\Users\Marion Hewson\Desktop\Downloads
[2010/10/23 23:21:41 | 000,000,000 | ---D | C] -- C:\Users\Marion Hewson\AppData\Roaming\GetRightToGo
[2010/10/23 22:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/23 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\New folder (2)
[2010/10/23 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\New folder
[2010/10/23 15:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/10/23 14:29:14 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/10/23 14:27:21 | 000,000,000 | ---D | C] -- C:\Windows\9EFA732347A048E28F7735DB5EED500A.TMP
[2010/10/23 14:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/23 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\RegQuick
[2010/10/20 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/14 11:27:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 11:27:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 11:27:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 11:27:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 11:27:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 11:27:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 11:27:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 11:27:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 11:27:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 11:27:19 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 11:27:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 11:27:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 11:27:14 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 11:27:14 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 11:27:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 11:27:08 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 11:27:06 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 11:27:05 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010/10/07 14:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/06 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/10/06 21:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/10/06 21:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/10/06 21:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/04 20:59:33 | 000,000,000 | ---D | C] -- C:\Temp
[2010/09/30 06:52:23 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/09/29 12:37:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marion Hewson\Documents\*.tmp files -> C:\Users\Marion Hewson\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/24 11:09:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-725345543-1004UA.job
[2010/10/24 11:05:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/24 10:47:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-725345543-1003UA.job
[2010/10/24 10:09:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-725345543-1004Core.job
[2010/10/24 10:05:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 08:51:19 | 066,735,897 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/10/24 08:43:29 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 08:43:29 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 08:35:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 08:35:45 | 152,239,371 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/24 08:35:42 | 797,519,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 00:47:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-725345543-1003Core.job
[2010/10/23 23:23:12 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2010/10/23 22:22:10 | 001,018,290 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/10/23 12:24:18 | 000,645,632 | ---- | M] () -- C:\Users\Marion Hewson\Desktop\Vocal techniques(Joshua's Homework).ppt
[2010/10/23 10:03:10 | 000,216,576 | ---- | M] () -- C:\Users\Marion Hewson\Desktop\Joshua Tutorial.ppt
[2010/10/22 13:14:16 | 000,053,248 | ---- | M] () -- C:\Users\Marion Hewson\Documents\SQ Fax cover sheet.doc
[2010/10/21 17:34:37 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/21 17:34:37 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/18 18:11:32 | 014,979,072 | ---- | M] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW.mny
[2010/10/18 18:11:29 | 014,983,112 | R--- | M] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-10-18_181128.mbf
[2010/10/18 10:46:43 | 001,122,662 | ---- | M] () -- C:\Users\Marion Hewson\Proof of Address and Birth.pdf
[2010/10/15 16:26:44 | 000,024,594 | ---- | M] () -- C:\Users\Marion Hewson\Documents\Hewson pay 2009-2010.xlsx
[2010/10/15 16:24:09 | 000,012,176 | ---- | M] () -- C:\Users\Marion Hewson\Documents\Building Schedule.xlsx
[2010/10/14 20:49:30 | 000,411,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 12:36:46 | 000,013,967 | ---- | M] () -- C:\Users\Marion Hewson\Documents\Year 8 Homework Timetable.xlsx
[2010/10/13 09:27:04 | 000,000,165 | -H-- | M] () -- C:\Users\Marion Hewson\Documents\~$Building Schedule.xlsx
[2010/10/05 14:14:05 | 000,020,480 | ---- | M] () -- C:\Users\Marion Hewson\Documents\Menu planner.xls
[2010/10/04 20:33:22 | 016,031,944 | R--- | M] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-10-04_203314.mbf
[2010/09/30 06:47:49 | 017,556,024 | R--- | M] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-09-30_064739.mbf
[2010/09/28 20:13:30 | 000,014,996 | ---- | M] () -- C:\Users\Marion Hewson\Desktop\Peter Tables.xlsx
[2010/09/27 10:34:07 | 000,009,251 | ---- | M] () -- C:\Users\Marion Hewson\Documents\USA 2011 Cost.xlsx
[2010/09/26 22:08:19 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/26 17:56:09 | 000,183,518 | ---- | M] () -- C:\Users\Marion Hewson\Documents\PDR.dmp
[2010/09/26 17:16:49 | 008,514,402 | ---- | M] () -- C:\Users\Marion Hewson\Desktop\PowerDirector_UG.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marion Hewson\Documents\*.tmp files -> C:\Users\Marion Hewson\Documents\*.tmp -> ]

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

OTL Pt3 (I can't seem to upload together)

Post by TomHewson on Mon 25 Oct 2010, 2:27 am


========== Files Created - No Company Name ==========

[2010/10/23 23:23:12 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2010/10/23 22:21:42 | 001,018,290 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/10/18 18:11:29 | 014,983,112 | R--- | C] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-10-18_181128.mbf
[2010/10/18 10:46:26 | 001,122,662 | ---- | C] () -- C:\Users\Marion Hewson\Proof of Address and Birth.pdf
[2010/10/14 12:36:40 | 000,013,967 | ---- | C] () -- C:\Users\Marion Hewson\Documents\Year 8 Homework Timetable.xlsx
[2010/10/13 09:27:04 | 000,000,165 | -H-- | C] () -- C:\Users\Marion Hewson\Documents\~$Building Schedule.xlsx
[2010/10/04 20:33:22 | 016,031,944 | R--- | C] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-10-04_203314.mbf
[2010/10/04 13:35:59 | 000,053,248 | ---- | C] () -- C:\Users\Marion Hewson\Documents\SQ Fax cover sheet.doc
[2010/10/04 13:34:50 | 000,046,592 | ---- | C] () -- C:\Users\Marion Hewson\Documents\Invoice Letterhead.doc
[2010/09/30 06:47:48 | 017,556,024 | R--- | C] () -- C:\Users\Marion Hewson\Documents\Elthorne AccountsNEW Backup_2010-09-30_064739.mbf
[2010/09/26 22:08:19 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/26 18:32:14 | 000,205,534 | ---- | C] () -- C:\Users\Marion Hewson\Documents\bureau-bosman-bioscoop-theater-tijdens-de-vakbeurs-groothandel-logistiek-336746-FGR.png
[2010/09/26 17:16:45 | 008,514,402 | ---- | C] () -- C:\Users\Marion Hewson\Desktop\PowerDirector_UG.pdf
[2010/09/05 18:17:53 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/07/14 20:21:16 | 000,002,875 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/19 21:41:17 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/17 21:54:36 | 000,000,126 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/17 21:54:08 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2009/10/17 21:54:08 | 000,001,191 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/10/17 21:54:08 | 000,000,286 | ---- | C] () -- C:\Windows\SAGE.INI
[2009/10/17 21:54:07 | 000,270,336 | ---- | C] () -- C:\Windows\System32\Sglist32.dll
[2009/10/17 21:54:07 | 000,256,512 | ---- | C] () -- C:\Windows\System32\SGOPopDg.dll
[2009/10/17 21:54:07 | 000,245,760 | ---- | C] () -- C:\Windows\System32\Sgtool32.dll
[2009/10/17 21:54:07 | 000,229,376 | ---- | C] () -- C:\Windows\System32\Sglch32.dll
[2009/10/17 21:54:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\Sgtbar32.dll
[2009/10/17 21:54:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2009/10/17 21:54:07 | 000,172,032 | ---- | C] () -- C:\Windows\System32\Sghelp32.dll
[2009/10/17 21:54:07 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Sgintl32.dll
[2009/10/17 21:54:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Sgdt32.dll
[2009/10/17 21:54:07 | 000,049,152 | ---- | C] () -- C:\Windows\System32\Sgstat32.dll
[2009/10/17 21:54:07 | 000,049,152 | ---- | C] () -- C:\Windows\System32\Sglogo32.dll
[2009/10/17 21:54:06 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Sgcdlg32.dll
[2009/10/17 21:54:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2009/10/17 21:54:06 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Sgcom32.dll
[2009/10/17 21:54:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\Sgappbar.dll
[2009/10/17 21:54:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\Sg3d32.dll
[2009/10/17 21:54:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2009/10/17 21:54:05 | 001,466,368 | ---- | C] () -- C:\Windows\System32\Sgrep32.dll
[2009/10/16 23:09:43 | 000,004,315 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

OTL Pt4 (I can't seem to upload together)

Post by TomHewson on Mon 25 Oct 2010, 2:29 am



< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/10/16 23:23:42 | 000,000,355 | -H-- | M] () -- C:\Boot.BAK
[2009/10/17 08:35:59 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/10/20 05:40:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/24 08:35:42 | 797,519,872 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/16 22:19:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/16 22:19:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/16 22:35:51 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/16 22:35:51 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/24 08:35:49 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%*. >
[2010/10/20 20:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/10/19 20:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/19 20:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/01 18:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\BBC iPlayer Desktop
[2009/10/19 20:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\BitLocker
[2009/10/19 20:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/23 23:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/16 22:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/08/30 18:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/07/14 08:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/04/30 19:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/05/02 18:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/10/23 15:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/10/23 23:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\Exterminate It!
[2010/09/26 22:03:42 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/11 20:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/09/05 18:18:22 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/10/21 18:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\Intel Corporation
[2010/10/14 20:48:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/19 20:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/10/19 20:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/12/18 00:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/23 23:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/11 23:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/19 20:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/10/19 20:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/11/22 21:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2009/11/22 22:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money Plus
[2009/10/19 20:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/30 11:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/19 20:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/10/19 20:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/10/19 20:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/19 20:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/19 20:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 03:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/10/19 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/19 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/10/19 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/10/19 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/15 22:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/29 17:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2010/10/23 21:58:19 | 000,000,000 | ---D | M] -- C:\Program Files\New folder
[2010/10/23 21:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\New folder (2)
[2010/10/06 21:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/10/16 22:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/10/19 20:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/23 13:46:19 | 000,000,000 | ---D | M] -- C:\Program Files\RegQuick
[2009/10/19 20:51:54 | 000,000,000 | ---D | M] -- C:\Program Files\Sage
[2009/10/17 21:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Sage EBanking
[2009/10/19 20:52:05 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/30 18:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2010/09/05 18:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/10/19 20:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/19 20:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/19 20:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 08:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/12 00:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/10/19 20:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/13 03:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 20:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/19 20:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 05:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/10/19 20:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/14 20:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

OTL Pt5 (I can't seem to upload together)

Post by TomHewson on Mon 25 Oct 2010, 2:32 am

I have tried maybe 20x to post the final piece of the OTL but I just get a page not found for [You must be registered and logged in to see this link.]

tell me if you need it, maybe i can send message...arrrrgghh

thanks so much for your help

TomHewson

Newbie Surfer
Newbie Surfer

Posts : 7
Joined : 2010-10-24
Operating System : Windows 7

View user profile

Back to top Go down

Re: AntiVirus 8 (usual fixes don't seem to work)

Post by Sneakyone on Mon 25 Oct 2010, 4:53 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: AntiVirus 8 (usual fixes don't seem to work)

Post by Sponsored content Today at 2:27 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum