
Links redirected to wrong sites

Discussion in 'Virus & Other Malware Removal' started by Frankie107, Mar 4, 2013.

  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    Before running ComboFix, let's run this tool:

    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
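    The Netsvcs custom scan Cookiegal asks for lists the services registered in the netsvcs svchost group and reports whether each one's DLL is actually on disk. As an added example (not part of this thread, and not OTL's own code), the PowerShell below performs the same check directly from the registry. The function name Get-NetsvcsStatus is mine, the registry paths are the standard Windows locations, and it assumes PowerShell is installed and run from an elevated prompt (Windows XP does not ship with it; PowerShell 2.0 has to be installed separately, which is why the code avoids 3.0-only syntax).

```powershell
# Added example, not from the thread or from OTL: enumerate the "netsvcs"
# svchost group and report which registered service DLLs are missing, the
# same condition OTL's "Netsvcs" custom scan prints as
# "NetSvcs: <name> - <dll> File not found".

function Get-NetsvcsStatus {
    # The netsvcs value is a REG_MULTI_SZ list of service names that
    # svchost.exe -k netsvcs is allowed to host.
    $svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $group = (Get-ItemProperty -Path $svchostKey).netsvcs

    foreach ($name in $group) {
        $svcKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $paramKey = "$svcKey\Parameters"
        $dll      = $null

        # ServiceDll normally lives under <service>\Parameters ...
        if (Test-Path $paramKey) {
            $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
        }
        # ... but a few services store it directly under the service key.
        if (-not $dll -and (Test-Path $svcKey)) {
            $dll = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ServiceDll
        }

        if ($dll) {
            # Values are usually written as %SystemRoot%\System32\foo.dll
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $expanded) { $status = 'Present' }
            else                                   { $status = 'File not found' }
        } else {
            $expanded = ''
            if (Test-Path $svcKey) { $status = 'No ServiceDll value' }
            else                   { $status = 'Not installed' }
        }

        # New-Object rather than [PSCustomObject] so this runs on PowerShell 2.0
        New-Object PSObject -Property @{
            Service = $name
            Dll     = $expanded
            Status  = $status
        }
    }
}

# Show only the entries that deserve a second look: a netsvcs service whose
# DLL is registered but missing from disk is either leftover debris (as with
# the AppMgmt entry in the log Frankie107 posts below) or something that was
# removed, and a DLL outside %SystemRoot%\System32 is worth comparing against
# a known-clean machine.
Get-NetsvcsStatus |
    Where-Object { $_.Status -ne 'Present' -or $_.Dll -notlike "$env:SystemRoot\system32\*" } |
    Format-Table Service, Status, Dll -AutoSize
```

    Run as written it prints the suspicious subset; drop the Where-Object filter to see every service in the group, which is the equivalent of the full "NetSvcs:" block in an OTL log.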
     
  2. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    Here are the two logs


    OTL logfile created on: 07/03/2013 18:38:08 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Frank\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.97 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 71.49% Memory free
    3.82 Gb Paging File | 3.33 Gb Available in Paging File | 87.25% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 212.89 Gb Total Space | 133.04 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
    Drive D: | 19.99 Gb Total Space | 17.74 Gb Free Space | 88.72% Space Free | Partition Type: NTFS

    Computer Name: FRANKKINGHORN | User Name: Frank | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/07 18:35:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    PRC - [2013/03/01 15:27:11 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/03 11:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/03/08 21:59:26 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/03/01 15:27:11 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/21 13:56:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/03 11:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
    DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2012/11/09 15:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2012/11/09 15:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2009/10/07 08:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/10/07 08:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/06/16 14:43:18 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
    DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2007/11/27 23:21:56 | 000,310,016 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
    DRV - [2007/10/16 17:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/08/16 10:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
    DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2004/08/11 04:42:28 | 000,454,815 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
    DRV - [2004/03/10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2004/02/24 09:55:20 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/02/24 09:55:20 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2004/02/24 09:55:20 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2004/02/24 09:55:20 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/02/24 09:55:20 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/02/24 09:55:20 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2004/02/24 09:55:20 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/07/09 09:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
    DRV - [2002/07/09 09:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
    DRV - [2002/07/09 09:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/public/weather/forecast/glasgow?tab=fiveDay
    IE - HKCU\..\SearchScopes,DefaultScope = {68D7F07A-093F-454F-A9D8-A15EBCDFC303}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{68D7F07A-093F-454F-A9D8-A15EBCDFC303}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.cathkinbraesgolfclub.co.uk/"
    FF - prefs.js..keyword.URL: "http://www.virginmedia.com/?loc=ff_address_bar&search="
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE4513685BC04"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE45136F1BD71"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 13:11:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 17:57:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GetLyrics\FF\ [2013/03/04 17:10:51 | 000,000,000 | ---D | M]

    [2008/11/25 20:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
    [2013/03/07 10:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\extensions
    [2009/08/11 16:11:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2009/03/21 11:10:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\searchplugins\MyStart Search.xml
    [2011/08/02 20:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/03/06 07:35:41 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
    [2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.brsgolf.com/cathkinbraes/members_booking.php?operation=member_info
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Email this page (by Google) = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
    CHR - Extension: Get Lyrics = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meppmgfehplfblhnjfikekckcngogbai\1.110_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Get Lyrics) - {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - C:\Program Files\GetLyrics\getlrcs.dll (LEV Addons)
    O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1209641435343 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341834544812 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5200EE3D-81A1-4FB0-A8B1-A83181E2298C}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/30 16:57:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/07 18:35:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    [2013/03/07 17:31:05 | 000,000,000 | --SD | C] -- C:\puppy
    [2013/03/06 23:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/03/06 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/03/06 07:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
    [2013/03/06 00:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2013/03/06 00:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Start Menu\Programs\Revo Uninstaller
    [2013/03/05 23:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2013/03/05 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\SecureSearch
    [2013/03/05 23:54:25 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
    [2013/03/05 23:54:25 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/05 22:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\ElevatedDiagnostics
    [2013/03/05 21:53:25 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Frank\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.34285947457540286.1.1.Run.exe
    [2013/03/05 20:21:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/05 20:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/03/05 20:20:55 | 005,037,561 | R--- | C] (Swearware) -- C:\Documents and Settings\Frank\Desktop\puppy.exe
    [2013/03/05 19:23:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller (1).exe
    [2013/03/04 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\AVG2013
    [2013/03/04 17:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/03/04 17:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\xVidly
    [2013/03/04 10:09:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HijackThis.exe
    [2013/03/04 00:23:11 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/03/04 00:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2013/03/03 23:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Local Settings\Application Data\Avg2013
    [2013/03/03 18:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
    [2013/03/03 18:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\player
    [2013/03/03 16:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\GetLyrics
    [2013/03/01 15:27:34 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/01 15:27:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/01 15:27:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/01 15:27:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/12 22:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Canon MyCameraFiles
    [2013/02/12 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon_Inc_IC
    [2013/02/12 14:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\CANON INC
    [2013/02/06 09:59:16 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/02/06 09:59:16 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2012/09/26 20:20:57 | 004,411,736 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2013_2677_cnet.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/07 18:38:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA0CE7C5-5DF6-4085-A7B4-2674DF713A68}.job
    [2013/03/07 18:35:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    [2013/03/07 18:32:01 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
    [2013/03/07 17:37:00 | 000,652,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/07 17:37:00 | 000,140,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/07 17:33:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/07 17:33:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/03/07 17:33:09 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Get Lyrics Update.job
    [2013/03/07 17:32:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/07 17:32:31 | 2112,409,600 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/07 17:23:52 | 005,037,561 | R--- | M] (Swearware) -- C:\Documents and Settings\Frank\Desktop\puppy.exe
    [2013/03/07 17:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/07 17:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/07 16:41:45 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\RemoveAdaware4.zip
    [2013/03/07 14:24:17 | 050,807,808 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\7 March 2013 Outlook folders.pst
    [2013/03/07 02:00:04 | 000,000,698 | ---- | M] () -- C:\WINDOWS\tasks\Backup of Data to Drive F.job
    [2013/03/06 23:24:47 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\NTREGOPT.lnk
    [2013/03/06 23:24:47 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
    [2013/03/06 09:12:54 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
    [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/06 07:41:53 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
    [2013/03/06 00:01:32 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Revo Uninstaller.lnk
    [2013/03/05 22:46:48 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to Dubai cruise excursions.pdf.lnk
    [2013/03/05 21:53:25 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Frank\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.34285947457540286.1.1.Run.exe
    [2013/03/05 21:23:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\SystemLook (1).exe
    [2013/03/05 20:35:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/05 19:23:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller (1).exe
    [2013/03/05 14:29:18 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/03/05 07:53:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/04 19:22:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/03/04 10:19:36 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\0hky9lll.exe
    [2013/03/04 10:07:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HijackThis.exe
    [2013/03/04 00:23:38 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/03/04 00:19:23 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/03/03 23:33:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/03/03 22:47:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2013/03/03 22:38:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/03/03 21:16:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2013/03/03 21:14:53 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/03 21:14:53 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/03 21:14:43 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/01 15:27:12 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/03/01 15:27:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/01 15:27:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/01 15:27:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/01 15:27:10 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/03/01 15:27:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/01 15:27:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/27 04:00:00 | 000,000,720 | ---- | M] () -- C:\WINDOWS\tasks\Backup of System Partition.job
    [2013/02/21 13:56:08 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/21 13:56:08 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/19 20:52:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/02/18 22:47:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2013/02/17 12:11:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2013/02/17 12:01:57 | 000,099,520 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2013/02/13 11:42:17 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/02/13 11:23:20 | 000,457,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 09:52:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/09 19:04:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Cathkin golfers.msg
    [2013/02/08 05:03:08 | 002,816,504 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2013/02/08 05:03:02 | 019,189,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013/02/08 05:03:02 | 001,010,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2013/02/08 05:03:00 | 004,494,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2013/02/08 05:02:58 | 007,536,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013/02/08 05:02:58 | 002,581,792 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013/02/08 05:02:56 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013/02/08 05:02:56 | 002,389,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013/02/08 05:02:56 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2013/02/08 05:02:44 | 012,648,960 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
    [2013/02/08 05:02:44 | 000,015,449 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2013/02/08 05:02:42 | 005,967,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/02/08 05:02:42 | 001,869,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/07 16:41:44 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\RemoveAdaware4.zip
    [2013/03/07 12:52:34 | 050,807,808 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\7 March 2013 Outlook folders.pst
    [2013/03/06 23:24:47 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\NTREGOPT.lnk
    [2013/03/06 23:24:47 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
    [2013/03/06 00:01:32 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Revo Uninstaller.lnk
    [2013/03/05 23:58:52 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
    [2013/03/05 22:46:48 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to Dubai cruise excursions.pdf.lnk
    [2013/03/05 21:23:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\SystemLook (1).exe
    [2013/03/05 07:53:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/04 17:25:57 | 2112,409,600 | -HS- | C] () -- C:\hiberfil.sys
    [2013/03/04 10:19:35 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\0hky9lll.exe
    [2013/03/04 00:23:38 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/03/03 23:25:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/03/03 16:46:53 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Get Lyrics Update.job
    [2013/02/17 12:01:57 | 000,099,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2013/02/12 22:25:27 | 000,498,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/02/09 19:04:04 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Cathkin golfers.msg
    [2013/02/08 05:02:44 | 000,015,449 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2012/10/16 14:04:34 | 000,038,485 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\Comma Separated Values (Windows).ADR
    [2012/09/01 10:55:01 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\dt.dat
    [2012/02/15 09:44:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/18 16:08:22 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2011/09/06 20:45:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/05/21 05:01:00 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/05/02 09:20:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/02 09:20:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/02/17 20:09:51 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\3iy6w688yblr30c21e47pw
    [2011/02/17 20:09:51 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3iy6w688yblr30c21e47pw
    [2010/11/04 22:59:31 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Frank\default.pls
    [2009/10/27 10:11:56 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1998/07/13 09:06:20 | 000,347,136 | ---- | C] () -- C:\Program Files\Dellinks.xla

    ========== ZeroAccess Check ==========

    [2008/05/01 08:49:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    OTL Extras logfile created on: 07/03/2013 18:38:08 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Frank\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.97 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 71.49% Memory free
    3.82 Gb Paging File | 3.33 Gb Available in Paging File | 87.25% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 212.89 Gb Total Space | 133.04 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
    Drive D: | 19.99 Gb Total Space | 17.74 Gb Free Space | 88.72% Space Free | Partition Type: NTFS

    Computer Name: FRANKKINGHORN | User Name: Frank | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
    "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
    "{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
    "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
    "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
    "{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
    "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
    "{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.71
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
    "{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C09DB99-F67A-4848-9079-0B5E216AD134}" = BIOS Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = Camera Suite
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.74
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.74
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C6115A28-F277-4E82-B067-84D28BF21033}" = Nero 7 Essentials
    "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
    "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "AVG" = AVG 2013
    "CameraWindowDC" = Canon Utilities CameraWindow DC 8
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon iP4700 series User Registration" = Canon iP4700 series User Registration
    "Canon MOV Encoder" = Canon MOV Encoder
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CSCLIB" = Canon Camera Support Core Library
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "ERUNT_is1" = ERUNT 1.1j
    "Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
    "[email protected]" = Get Lyrics
    "Google Chrome" = Google Chrome
    "GreatFamily" = GreatFamily 2.2.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
    "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
    "Logitech Resource Center" = Logitech Resource Center
    "Logitech Vid" = Logitech Vid HD
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "MAGIX Movies on CD & DVD TerraTec Edition UK" = MAGIX Movies on CD & DVD TerraTec Edition 6.0.3.7 (UK)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Suite" = Nokia Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Nvu_is1" = Nvu 1.0PR
    "PDF Editor 2" = PDF Editor 2
    "Pdf995" = Pdf995
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 03/03/2013 19:15:20 | Computer Name = FRANKKINGHORN | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 03/03/2013 20:06:39 | Computer Name = FRANKKINGHORN | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 03/03/2013 20:07:53 | Computer Name = FRANKKINGHORN | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 03/03/2013 20:12:24 | Computer Name = FRANKKINGHORN | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 04/03/2013 09:32:30 | Computer Name = FRANKKINGHORN | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 07/03/2013 08:27:17 | Computer Name = FRANKKINGHORN | Source = Application Error | ID = 1000
    Description = Faulting application roxupd~1.exe, version 6.1.1.48, faulting module
    softwareupdater.dll, version 6.1.1.48, fault address 0x0000a6e1.

    Error - 07/03/2013 08:27:23 | Computer Name = FRANKKINGHORN | Source = Application Error | ID = 1001
    Description = Fault bucket 100950924.

    Error - 07/03/2013 09:41:36 | Computer Name = FRANKKINGHORN | Source = Application Hang | ID = 1002
    Description = Hanging application creatorc.exe, version 6.1.1.48, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 07/03/2013 10:25:02 | Computer Name = FRANKKINGHORN | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 07/03/2013 10:25:11 | Computer Name = FRANKKINGHORN | Source = Application Hang | ID = 1001
    Description = Fault bucket 734037209.

    [ System Events ]
    Error - 07/03/2013 13:24:08 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 07/03/2013 13:25:41 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 07/03/2013 13:33:01 | Computer Name = FRANKKINGHORN | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 07/03/2013 13:33:01 | Computer Name = FRANKKINGHORN | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 07/03/2013 13:33:20 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service iPod Service
    with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error - 07/03/2013 13:34:21 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 07/03/2013 13:53:33 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 07/03/2013 13:53:35 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 07/03/2013 13:54:18 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    Error - 07/03/2013 14:33:15 | Computer Name = FRANKKINGHORN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service MDM with arguments
    "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


    < End of report >
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

    Code:
    :OTL
    DRV - [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE4513685BC04"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.startup.homepage: http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE45136F1BD71
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\GetLyrcis@levaddons.com: C:\Program Files\GetLyrics\FF\ [2013/03/04 17:10:51 | 000,000,000 | ---D | M]
    [2009/03/21 11:10:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\searchplugins\MyStart Search.xml
    [2013/03/06 07:35:41 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
    CHR - Extension: Get Lyrics = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meppmgfehplfblhnjfikekckcngogbai\1.110_0\
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Get Lyrics) - {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - C:\Program Files\GetLyrics\getlrcs.dll (LEV Addons)
    O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    [2013/03/05 23:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\SecureSearch
    [2013/03/05 23:54:25 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
    [2013/03/05 23:54:25 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/03 18:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
    [2013/03/03 18:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\player
    [2013/03/03 16:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\GetLyrics
    [2012/09/26 20:20:57 | 004,411,736 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2013_2677_cnet.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2013/03/07 17:33:09 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Get Lyrics Update.job
    [2013/03/06 09:12:54 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
    [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/06 07:41:53 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
    [2013/03/03 22:38:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/09/06 20:45:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/02/17 20:09:51 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\3iy6w688yblr30c21e47pw
    [2011/02/17 20:09:51 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3iy6w688yblr30c21e47pw
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
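    The fix script above is built from OTL log lines the helper picked out of the scan. As an added example that is not part of this thread, of OTL, or of any poster's code, here is a small Python triage script that parses OTL-style lines and reports the signals a helper reads off them: registrations pointing at missing files, files with no company name, hidden/system attributes, and files touched inside the file-age window. The sample lines and scan time are constructed from entries quoted in this thread.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Parses the "[date | size | attrs | C/M] (Company) ... -- path -- (name)" stamp
that OTL puts on PRC/SRV/DRV and file entries, and reports the signals a
malware-removal helper reads off such lines.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Stamp block: [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software)
STAMP_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\)"
)
# Section prefix such as "DRV - ", "SRV - ", "PRC - ", "MOD - "
PREFIX_RE = re.compile(r"^(?P<prefix>[A-Z]{3}) - ")
# " -- " separates stamp, path and (name); an empty path appears as " -- -- (name)"
SEP_RE = re.compile(r" --(?= --)| -- ")


@dataclass
class Entry:
    raw: str
    prefix: str                      # "DRV", "SRV", "PRC", "MOD" or "" for bare file lines
    timestamp: Optional[datetime]    # None when OTL printed "File not found"
    size: Optional[int]
    attrs: str                       # e.g. "----", "---D", "-HS-"
    company: Optional[str]           # "" when the stamp shows "()"
    path: str
    name: str                        # service/driver name from the trailing "(name)"
    missing: bool                    # OTL reported "File not found"


def parse_line(line: str) -> Entry:
    """Parse one OTL line into its fields; unknown layouts degrade to raw text."""
    line = line.strip()
    pm = PREFIX_RE.match(line)
    prefix = pm.group("prefix") if pm else ""
    ts = size = company = None
    attrs = ""
    sm = STAMP_RE.search(line)
    if sm:
        ts = datetime.strptime(sm.group("ts"), "%Y/%m/%d %H:%M:%S")
        size = int(sm.group("size").replace(",", ""))
        attrs = sm.group("attrs")
        company = sm.group("company").strip()
    parts = SEP_RE.split(line)
    path = parts[1].strip() if len(parts) > 1 else ""
    name = parts[2].strip().strip("()") if len(parts) > 2 else ""
    return Entry(line, prefix, ts, size, attrs, company, path, name,
                 "File not found" in line)


def triage(entry: Entry, scan_time: datetime, file_age_days: int = 30) -> List[str]:
    """Return review signals for one entry. These are signals, not a verdict:
    a legitimate vendor file can lack a company name, as the Logitech lines show."""
    flags = []
    if entry.missing:
        flags.append("registration points at a missing file")
    if entry.timestamp is not None:
        if entry.company == "":
            flags.append("no company name")
        if "H" in entry.attrs or "S" in entry.attrs:
            flags.append("hidden/system attributes")
        if scan_time - entry.timestamp <= timedelta(days=file_age_days):
            flags.append(f"touched within {file_age_days} days of the scan")
    return flags


def triage_report(lines, scan_time: datetime):
    """Map each flagged line's path (or name when the path is empty) to its flags."""
    report = {}
    for line in lines:
        e = parse_line(line)
        flags = triage(e, scan_time)
        if flags:
            report[e.path or e.name] = flags
    return report


# Constructed sample, modelled on lines quoted in this thread; scan time from the Run 2 log.
SCAN_TIME = datetime(2013, 3, 7, 20, 32, 47)
SAMPLE = [
    r"DRV - [2013/03/06 09:12:54 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)",
    r"PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe",
    r"DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)",
    r"[2011/02/17 20:09:51 | 000,001,318 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3iy6w688yblr30c21e47pw",
]

if __name__ == "__main__":
    for path, flags in triage_report(SAMPLE, SCAN_TIME).items():
        print(f"{path}\n    " + "; ".join(flags))
```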
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    Now, we'll change the permissions on those Legacy keys temporarily so please copy the following line of text:

    swreg acl HKLM\SYSTEM\CurrentControlSet\Enum\Root /E /GE:F

    Then go to Start - Run and type cmd to open the command prompt window.

    Right-click the mouse at the command prompt and the command you copied should appear. Press Enter.

    If it worked, you should see this message:
    Please do the same thing for the following lines (one at a time):

    swreg acl HKLM\SYSTEM\ControlSet004\Enum\Root /E /GE:F
    swreg acl HKLM\SYSTEM\ControlSet002\Enum\Root /E /GE:F
    swreg acl HKLM\SYSTEM\ControlSet001\Enum\Root /E /GE:F

    Once you've done all of those commands, please run the attached RemoveAd-Aware5 fix. Reboot the machine after that and run SystemLook again with the command:

    Code:
    :regfind
    Lavasoft
     

  5. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    I've just seen your post about changing permissions on the Legacy keys, but I've not managed to run the OTL yet. When I tried to, it hung, and I'm just about to try again.
     
  6. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    I'm getting confused here; I need some clarification, please. I've tried twice to run OTL but both times it seems to hang with "Processing 034 - HKLM BootExecute:Isdelete.exe" showing in the line at the bottom. When I give up and open Task Manager it says OTL is not responding. Is there something wrong, or am I just being too impatient and should wait more than 7 or 8 minutes for the Run Fix to finish? And where does your later message about changing permissions stand? Sorry if I'm being thick.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    That line pertains to a leftover from Ad-Aware. I've edited the fix to remove that line to see if the fix will run better without it. We can always change that one manually. Try running OTL in safe mode.
     
  8. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    Well, I managed it eventually. I did have to run in Safe mode - and so had to do a workaround to get your text over to that mode to paste in for the Run Fix. However, here now is the Quick Scan log from OTL.


    OTL logfile created on: 07/03/2013 20:32:47 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Frank\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.97 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 71.68% Memory free
    3.82 Gb Paging File | 3.44 Gb Available in Paging File | 90.17% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 212.89 Gb Total Space | 133.03 Gb Free Space | 62.49% Space Free | Partition Type: NTFS
    Drive D: | 19.99 Gb Total Space | 17.74 Gb Free Space | 88.72% Space Free | Partition Type: NTFS

    Computer Name: FRANKKINGHORN | User Name: Frank | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/07 18:35:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    PRC - [2013/03/01 15:27:11 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
    PRC - [2013/01/03 11:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/03/08 21:59:26 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/03/01 15:27:11 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/21 13:56:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/03 11:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2012/11/09 15:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2012/11/09 15:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2012/11/09 15:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/17 13:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2009/10/07 08:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/10/07 08:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/06/16 14:43:18 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
    DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2007/11/27 23:21:56 | 000,310,016 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
    DRV - [2007/10/16 17:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/08/16 10:09:38 | 000,003,604 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\BIOS Update\Award\BS_Flash.sys -- (BS_Flash)
    DRV - [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2004/08/11 04:42:28 | 000,454,815 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
    DRV - [2004/03/10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
    DRV - [2004/02/24 09:55:20 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/02/24 09:55:20 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2004/02/24 09:55:20 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2004/02/24 09:55:20 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/02/24 09:55:20 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/02/24 09:55:20 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2004/02/24 09:55:20 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/07/09 09:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
    DRV - [2002/07/09 09:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
    DRV - [2002/07/09 09:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/public/weather/forecast/glasgow?tab=fiveDay
    IE - HKCU\..\SearchScopes,DefaultScope = {68D7F07A-093F-454F-A9D8-A15EBCDFC303}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{68D7F07A-093F-454F-A9D8-A15EBCDFC303}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.cathkinbraesgolfclub.co.uk/"
    FF - prefs.js..keyword.URL: "http://www.virginmedia.com/?loc=ff_address_bar&search="
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE4513685BC04"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE45136F1BD71"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 13:11:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 17:57:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GetLyrics\FF\

    [2008/11/25 20:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
    [2013/03/07 10:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\extensions
    [2009/08/11 16:11:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2011/08/02 20:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.brsgolf.com/cathkinbraes/members_booking.php?operation=member_info
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Email this page (by Google) = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1209641435343 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341834544812 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5200EE3D-81A1-4FB0-A8B1-A83181E2298C}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/30 16:57:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (c:\progra~1\avg\avg2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/07 20:05:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/03/07 19:35:14 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/03/07 18:35:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    [2013/03/07 17:31:05 | 000,000,000 | --SD | C] -- C:\puppy
    [2013/03/06 23:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/03/06 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/03/06 07:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
    [2013/03/06 00:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2013/03/06 00:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Start Menu\Programs\Revo Uninstaller
    [2013/03/05 23:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2013/03/05 22:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\ElevatedDiagnostics
    [2013/03/05 20:21:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/05 20:21:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/03/05 20:20:55 | 005,037,561 | R--- | C] (Swearware) -- C:\Documents and Settings\Frank\Desktop\puppy.exe
    [2013/03/05 19:23:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller (1).exe
    [2013/03/04 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\AVG2013
    [2013/03/04 17:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/03/04 17:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\xVidly
    [2013/03/04 10:09:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HijackThis.exe
    [2013/03/04 00:23:11 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/03/04 00:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2013/03/03 23:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Local Settings\Application Data\Avg2013
    [2013/02/12 22:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Canon MyCameraFiles
    [2013/02/12 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon_Inc_IC
    [2013/02/12 14:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\CANON INC

    ========== Files - Modified Within 30 Days ==========

    [2013/03/07 20:32:00 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
    [2013/03/07 20:31:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/07 20:31:53 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/03/07 20:31:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/07 20:31:40 | 2112,409,600 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/07 20:24:16 | 000,652,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/07 20:24:16 | 000,140,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/07 20:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/07 20:22:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/07 18:35:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
    [2013/03/07 17:23:52 | 005,037,561 | R--- | M] (Swearware) -- C:\Documents and Settings\Frank\Desktop\puppy.exe
    [2013/03/07 14:24:17 | 050,807,808 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\7 March 2013 Outlook folders.pst
    [2013/03/07 02:00:04 | 000,000,698 | ---- | M] () -- C:\WINDOWS\tasks\Backup of Data to Drive F.job
    [2013/03/06 23:24:47 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\NTREGOPT.lnk
    [2013/03/06 23:24:47 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
    [2013/03/06 00:01:32 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Revo Uninstaller.lnk
    [2013/03/05 22:46:48 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to Dubai cruise excursions.pdf.lnk
    [2013/03/05 21:23:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\SystemLook (1).exe
    [2013/03/05 20:35:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/05 19:23:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Frank\Desktop\tdsskiller (1).exe
    [2013/03/05 14:29:18 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/03/05 07:53:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/04 19:22:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/03/04 10:19:36 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\0hky9lll.exe
    [2013/03/04 10:07:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HijackThis.exe
    [2013/03/04 00:23:38 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/03/04 00:19:23 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/03/03 23:33:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/03/03 22:47:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2013/03/03 21:16:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2013/03/03 21:14:53 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/03 21:14:53 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/03 21:14:43 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/02/27 04:00:00 | 000,000,720 | ---- | M] () -- C:\WINDOWS\tasks\Backup of System Partition.job
    [2013/02/19 20:52:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/02/18 22:47:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2013/02/17 12:11:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2013/02/17 12:01:57 | 000,099,520 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2013/02/13 11:42:17 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/02/13 11:23:20 | 000,457,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 09:52:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/09 19:04:05 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Cathkin golfers.msg
    [2013/02/08 05:03:08 | 002,816,504 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2013/02/08 05:02:44 | 000,015,449 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb

    ========== Files Created - No Company Name ==========

    [2013/03/07 20:31:40 | 2112,409,600 | -HS- | C] () -- C:\hiberfil.sys
    [2013/03/07 12:52:34 | 050,807,808 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\7 March 2013 Outlook folders.pst
    [2013/03/06 23:24:47 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\NTREGOPT.lnk
    [2013/03/06 23:24:47 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\ERUNT.lnk
    [2013/03/06 00:01:32 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Revo Uninstaller.lnk
    [2013/03/05 22:46:48 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Shortcut to Dubai cruise excursions.pdf.lnk
    [2013/03/05 21:23:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\SystemLook (1).exe
    [2013/03/05 07:53:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/04 10:19:35 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\0hky9lll.exe
    [2013/03/04 00:23:38 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/03/03 23:25:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/02/17 12:01:57 | 000,099,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2013/02/12 22:25:27 | 000,498,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/02/09 19:04:04 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Cathkin golfers.msg
    [2013/02/08 05:02:44 | 000,015,449 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2012/10/16 14:04:34 | 000,038,485 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\Comma Separated Values (Windows).ADR
    [2012/09/01 10:55:01 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\dt.dat
    [2012/02/15 09:44:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/18 16:08:22 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2011/05/21 05:01:00 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/05/02 09:20:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/02 09:20:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/11/04 22:59:31 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Frank\default.pls
    [2009/10/27 10:11:56 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1998/07/13 09:06:20 | 000,347,136 | ---- | C] () -- C:\Program Files\Dellinks.xla

    ========== ZeroAccess Check ==========

    [2008/05/01 08:49:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/10/17 10:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/11/12 11:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2012/10/01 20:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/01/22 18:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
    [2013/03/04 17:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2010/10/23 07:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/08/24 20:39:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/08/24 21:22:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2013/02/12 22:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
    [2011/05/21 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cH06511PpPeN06511
    [2010/10/23 07:29:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/03/05 23:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011/04/10 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eOa31001fDmIg31001
    [2011/02/27 09:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fAaAjIb06308
    [2011/08/05 13:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
    [2009/03/21 11:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/03/21 11:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2009/02/16 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2013/03/07 17:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/05/29 17:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2011/06/09 23:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaAccount
    [2012/03/28 16:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2011/06/08 22:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2012/12/29 18:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2009/12/08 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2013/03/06 09:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
    [2008/11/27 14:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2008/11/27 14:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2009/03/30 09:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2011/10/24 14:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/10/24 14:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}(2)
    [2010/07/21 10:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
    [2009/09/17 22:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/14 18:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/12/22 15:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    [2012/10/01 20:16:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2010/03/08 10:39:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Frank\Application Data\.#
    [2012/10/01 20:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVG
    [2013/03/04 17:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVG2013
    [2009/11/03 10:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVG9
    [2013/02/14 16:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Canon
    [2012/05/08 21:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Canon Easy-WebPrint EX
    [2010/11/12 09:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\CD-LabelPrint
    [2008/11/26 15:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/03/05 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ElevatedDiagnostics
    [2011/08/04 13:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Fighters
    [2008/11/26 12:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Leadertech
    [2012/01/20 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Nokia
    [2011/06/08 22:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Nokia Ovi Suite
    [2011/11/17 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Nokia Suite
    [2012/03/26 14:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Nvu
    [2012/07/17 17:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Oracle
    [2011/06/08 22:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\PC Suite
    [2010/03/08 22:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\pdf995
    [2008/11/27 14:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ScanSoft
    [2010/03/08 10:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Serif
    [2012/09/26 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\TuneUp Software
    [2011/10/09 11:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Uniblue
    [2008/11/26 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Windows Desktop Search
    [2008/11/25 19:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    You can go ahead and run the instructions in post no. 34. I'm not sure if it will work as it needs a file extracted from ComboFix but give it a try.
     
  10. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    This doesn't seem to work. I assume I have to click on OK after typing cmd, and when I right-click at the end of C:\Documents and Settings\Frank> which appears in the command box I then have to select "paste" from the resulting dialogue box, but I get a message saying swreg is not recognised.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    OK, I thought that might happen because ComboFix hasn't been run yet.

    Let's go ahead and run ComboFix even if it alerts to Ad-aware being present.
     
  12. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    Well, maybe we're getting there. Here's the ComboFix log. It first had to download/install the Microsoft Windows Recovery Console because it said it either was not on the machine or needed updating.

    ComboFix 13-03-07.02 - Frank 07/03/2013 21:47:18.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2014.1408 [GMT 0:00]
    Running from: c:\documents and settings\Frank\Desktop\puppy.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Frank\Application Data\.#
    c:\documents and settings\Frank\WINDOWS
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-07 20:15 . 2013-03-07 20:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2013-03-07 19:35 . 2013-03-07 19:35 -------- d-----w- C:\_OTL
    2013-03-07 19:24 . 2013-03-07 19:24 -------- d-----w- c:\documents and settings\Guest\Application Data\AVG2013
    2013-03-07 19:24 . 2013-03-07 19:24 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Avg2013
    2013-03-06 23:24 . 2013-03-06 23:25 -------- d-----w- c:\program files\ERUNT
    2013-03-06 07:35 . 2013-03-06 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Search Protection
    2013-03-06 00:01 . 2013-03-06 00:01 -------- d-----w- c:\program files\VS Revo Group
    2013-03-05 23:55 . 2013-03-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2013-03-05 22:00 . 2013-03-05 22:00 -------- d-----w- c:\documents and settings\Frank\Application Data\ElevatedDiagnostics
    2013-03-05 17:26 . 2013-03-05 17:26 -------- d-----w- c:\documents and settings\Nora\Application Data\AVG2013
    2013-03-05 15:33 . 2013-03-05 17:26 -------- d-----w- c:\documents and settings\Nora\Local Settings\Application Data\Avg2013
    2013-03-04 17:24 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\Frank\Application Data\AVG2013
    2013-03-04 17:10 . 2013-03-04 17:10 -------- d-----w- c:\program files\xVidly
    2013-03-04 16:57 . 2013-03-04 16:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-03-04 00:23 . 2013-03-04 17:24 -------- d-----w- C:\$AVG
    2013-03-04 00:23 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
    2013-03-03 23:01 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\Frank\Local Settings\Application Data\Avg2013
    2013-03-01 15:27 . 2013-03-01 15:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2013-02-12 22:24 . 2013-02-12 22:24 -------- d-----w- c:\program files\Common Files\Canon_Inc_IC
    2013-02-12 14:27 . 2013-02-12 14:27 -------- d-----w- c:\documents and settings\Frank\Application Data\CANON INC
    2013-02-07 15:39 . 2013-02-07 15:39 -------- d-----w- c:\documents and settings\Nora\Local Settings\Application Data\Google
    2013-02-06 09:59 . 2013-02-08 05:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2013-02-06 09:59 . 2013-02-08 05:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-01 15:27 . 2009-03-06 10:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-01 15:27 . 2012-07-17 17:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-01 15:27 . 2012-07-17 17:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-21 13:56 . 2012-04-29 08:04 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 13:56 . 2011-06-04 21:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-08 05:03 . 2012-03-13 22:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
    2013-02-08 05:03 . 2007-07-23 16:44 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
    2013-02-08 05:03 . 2007-07-23 16:44 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
    2013-02-08 05:02 . 2010-01-12 12:03 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-08 05:02 . 2008-09-17 22:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-08 05:02 . 2010-01-12 12:03 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-08 05:02 . 2007-07-23 16:44 2389504 ----a-w- c:\windows\system32\nvapi.dll
    2013-02-08 05:02 . 2007-07-23 16:44 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2013-02-08 05:02 . 2010-01-12 12:03 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-01-26 03:55 . 2006-02-28 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-17 01:28 . 2009-10-17 10:47 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-07 01:19 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2006-02-28 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-03 08:44 . 2010-07-09 15:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2013-01-03 08:44 . 2010-07-09 15:24 108984 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-03 08:44 . 2010-07-09 15:24 156600 ----a-w- c:\windows\system32\nvsvc32.exe
    2013-01-03 08:44 . 2010-07-09 15:24 15515576 ----a-w- c:\windows\system32\nvcpl.dll
    2013-01-03 08:44 . 2010-07-09 15:24 144312 ----a-w- c:\windows\system32\nvcolor.exe
    2013-01-02 06:49 . 2006-02-28 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 16:49 . 2008-11-25 22:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 15:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    2002-07-09 09:50 28672 ----a-w- c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 07:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2013-01-03 08:44 15515576 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    2002-06-03 11:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2010-03-16 21:16 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-05-01 18:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-10-16 17:30 16855552 ----a-w- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 04:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
    2007-01-29 10:00 86016 ----a-w- c:\program files\MAGIX\Movies_on_CD_DVD_6_TerraTec_Edition\Trayserver.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "idsvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "NVSvc"=2 (0x2)
    "NBService"=3 (0x3)
    "MDM"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "WSearch"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 164832]
    R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [25/11/2008 15:00 6272]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15/11/2012 23:34 5814904]
    S2 gupdate1c9ae576d11a812;Google Update Service (gupdate1c9ae576d11a812);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 21:11 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 161536]
    S3 BS_Flash;BS_Flash;c:\program files\BIOS Update\Award\BS_Flash.sys [25/11/2008 15:00 3604]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/02/2009 21:30 1527900]
    S3 GrabsterSeries.X86;GRABSTER SERIES, Service X86;c:\windows\system32\drivers\GrabsterSeries.X86.SYS [16/02/2009 21:26 310016]
    S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [01/05/2008 08:37 454815]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-05 14:25 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 13:56]
    .
    2013-03-07 c:\windows\Tasks\Backup of Data to Drive F.job
    - c:\windows\system32\ntbackup.exe [2001-08-17 21:36]
    .
    2013-02-27 c:\windows\Tasks\Backup of System Partition.job
    - c:\windows\system32\ntbackup.exe [2001-08-17 21:36]
    .
    2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:11]
    .
    2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:11]
    .
    2013-03-07 c:\windows\Tasks\ROC_REG_JAN.job
    - c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
    .
    2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.metoffice.gov.uk/public/weather/forecast/glasgow?tab=fiveDay
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cathkinbraesgolfclub.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.virginmedia.com/?loc=ff_address_bar&search=
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE4513685BC04
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE45136F1BD71
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
    MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
    MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Logitech Vid\vid.exe
    MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    [email protected] - c:\program files\GetLyrics\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-07 21:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-560562112-3749280852-3929859953-1010\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-03-07 21:55:50
    ComboFix-quarantined-files.txt 2013-03-07 21:55
    .
    Pre-Run: 142,790,455,296 bytes free
    Post-Run: 144,534,102,016 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - A0A77EE8BC490F21818B511324E79BAD
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    DirLook::
    c:\documents and settings\All Users\Application Data\Search Protection
    c:\documents and settings\Frank\Application Data\ElevatedDiagnostics
    
    Folder::
    c:\program files\xVidly
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE4513685BC04
    FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=0E341B98A8360B848CADE45136F1BD71
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).

    [IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
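The ComboFix log in post 12 and the CFScript in post 13 together show what a helper actually looks for in such a log: a Firefox start page pointing at a toolbar search site, folders that appeared in Program Files or Application Data right when the redirects started, and autostart entries. The following is an added example, written for this page and not part of the thread or of ComboFix, that automates that first pass. It parses the log sections ComboFix prints ("Files Created", "Reg Loading Points", "Supplementary Scan") and flags entries that fall outside an allow-list. The allow-lists (TRUSTED_HOSTS, KNOWN_TOOL_DIRS, EXPECTED_RUN_PREFIXES) are assumptions for this case, and the sample log is a constructed excerpt modelled on the thread's log; its "Updater" Run entry is invented so the Run-key check has something to report.

```python
"""Triage a ComboFix log for the indicators a malware-removal helper acts on.

Added example, not part of the forum thread and not ComboFix's own code.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the ComboFix log in the thread (raw string so
# the Windows backslashes survive). The "Updater" Run entry is invented for the
# example so the Run-key check has something to flag.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
.
2013-03-06 07:35 . 2013-03-06 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Search Protection
2013-03-05 22:00 . 2013-03-05 22:00 -------- d-----w- c:\documents and settings\Frank\Application Data\ElevatedDiagnostics
2013-03-04 17:10 . 2013-03-04 17:10 -------- d-----w- c:\program files\xVidly
2013-03-06 23:24 . 2013-03-06 23:25 -------- d-----w- c:\program files\ERUNT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Updater"="c:\documents and settings\Frank\Application Data\upd\svc.exe" [2013-03-04 10240]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.metoffice.gov.uk/public/weather/forecast/glasgow?tab=fiveDay
FF - prefs.js: browser.startup.homepage - hxxp://www.cathkinbraesgolfclub.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.virginmedia.com/?loc=ff_address_bar&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb
"""

# Assumptions for this case: hosts the user actually wants in their browser
# prefs, and folder names created by the clean-up tools the helper asked for.
TRUSTED_HOSTS = {"www.metoffice.gov.uk", "www.cathkinbraesgolfclub.co.uk", "www.virginmedia.com"}
KNOWN_TOOL_DIRS = {"erunt", "vs revo group", "_otl", "avg2013"}
# Run-key payloads are expected under one of these prefixes (8.3 alias included).
EXPECTED_RUN_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# "2013-03-06 07:35 . 2013-03-06 09:22 -------- d-----w- c:\path"  (directory entries only)
FOLDER_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} -------- d[-a-z]{7} (?P<path>c:\\.+)$",
    re.IGNORECASE,
)
# "Name"="c:\path\to.exe" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# IE start page or a Firefox pref that carries a (defanged, hxxp://) URL
PREF_RE = re.compile(r"^(?:FF - prefs\.js: (?P<pref>\S+) - |uStart Page = )(?P<url>hxxp\S+)")


def defanged_host(url: str) -> str:
    """ComboFix writes hxxp:// so URLs are not clickable; undo that and return the host."""
    return urlparse(url.replace("hxxp", "http", 1)).netloc.lower()


def suspicious_browser_prefs(log: str) -> list[tuple[str, str]]:
    """Start-page / search prefs pointing at a host that is not on the allow-list."""
    hits = []
    for line in log.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            host = defanged_host(m.group("url"))
            if host not in TRUSTED_HOSTS:
                hits.append((m.group("pref") or "IE start page", host))
    return hits


def suspicious_new_folders(log: str) -> list[str]:
    """Folders created directly under Program Files or an Application Data dir
    that are not accounted for by the tools run during the clean-up."""
    hits = []
    for line in log.splitlines():
        m = FOLDER_RE.match(line.strip())
        if not m:
            continue
        parent, _, leaf = m.group("path").rpartition("\\")
        parent, leaf = parent.lower(), leaf.lower()
        watched = parent.endswith("\\program files") or parent.endswith("\\application data")
        if watched and leaf not in KNOWN_TOOL_DIRS:
            hits.append(m.group("path"))
    return hits


def suspicious_run_entries(log: str) -> list[tuple[str, str]]:
    """Run-key values whose executable lives outside the expected directories
    (user-profile paths are a classic place for adware/malware autostarts)."""
    hits = []
    in_run_key = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith(("[", "(", "-------")):  # new registry key or section header
            in_run_key = s.lower().endswith("\\currentversion\\run]")
            continue
        m = RUN_RE.match(s) if in_run_key else None
        if m and not m.group("path").lower().startswith(EXPECTED_RUN_PREFIXES):
            hits.append((m.group("name"), m.group("path")))
    return hits


def triage(log: str) -> dict[str, list]:
    """Run all checks; the keys are stable so a caller can assert on them."""
    return {
        "browser_prefs": suspicious_browser_prefs(log),
        "new_folders": suspicious_new_folders(log),
        "run_entries": suspicious_run_entries(log),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in hits:
            print("   ", hit)
```

On the constructed sample this reports the lavasoft start page, the Search Protection, ElevatedDiagnostics and xVidly folders, and the invented profile-path Run entry, which is the same set the CFScript above targets. The allow-lists are the judgement call: a helper would populate TRUSTED_HOSTS from what the user says their homepage should be, and KNOWN_TOOL_DIRS from the tools they asked the user to run, so that genuine clean-up artefacts such as ERUNT are not reported.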
     
  14. Frankie107

    Frankie107 Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    107
    OK, all done.



    ComboFix 13-03-07.02 - Frank 07/03/2013 23:50:48.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2014.1235 [GMT 0:00]
    Running from: c:\documents and settings\Frank\Desktop\puppy.exe
    Command switches used :: c:\documents and settings\Frank\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\xVidly
    c:\program files\xVidly\xVidly Plus+\XvidlyPlus_1100-1120_v109.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-07 23:27 . 2013-03-07 23:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-07 20:15 . 2013-03-07 20:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2013-03-07 19:35 . 2013-03-07 19:35 -------- d-----w- C:\_OTL
    2013-03-07 19:24 . 2013-03-07 19:24 -------- d-----w- c:\documents and settings\Guest\Application Data\AVG2013
    2013-03-07 19:24 . 2013-03-07 19:24 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Avg2013
    2013-03-06 23:24 . 2013-03-06 23:25 -------- d-----w- c:\program files\ERUNT
    2013-03-06 07:35 . 2013-03-06 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Search Protection
    2013-03-06 00:01 . 2013-03-06 00:01 -------- d-----w- c:\program files\VS Revo Group
    2013-03-05 23:55 . 2013-03-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2013-03-05 22:00 . 2013-03-05 22:00 -------- d-----w- c:\documents and settings\Frank\Application Data\ElevatedDiagnostics
    2013-03-05 17:26 . 2013-03-05 17:26 -------- d-----w- c:\documents and settings\Nora\Application Data\AVG2013
    2013-03-05 15:33 . 2013-03-05 17:26 -------- d-----w- c:\documents and settings\Nora\Local Settings\Application Data\Avg2013
    2013-03-04 17:24 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\Frank\Application Data\AVG2013
    2013-03-04 16:57 . 2013-03-04 16:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-03-04 00:23 . 2013-03-04 17:24 -------- d-----w- C:\$AVG
    2013-03-04 00:23 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
    2013-03-03 23:01 . 2013-03-04 17:24 -------- d-----w- c:\documents and settings\Frank\Local Settings\Application Data\Avg2013
    2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2013-02-12 22:24 . 2013-02-12 22:24 -------- d-----w- c:\program files\Common Files\Canon_Inc_IC
    2013-02-12 14:27 . 2013-02-12 14:27 -------- d-----w- c:\documents and settings\Frank\Application Data\CANON INC
    2013-02-07 15:39 . 2013-02-07 15:39 -------- d-----w- c:\documents and settings\Nora\Local Settings\Application Data\Google
    2013-02-06 09:59 . 2013-02-08 05:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2013-02-06 09:59 . 2013-02-08 05:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-07 23:27 . 2012-07-17 17:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-07 23:27 . 2012-07-17 17:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-07 23:27 . 2009-03-06 10:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-21 13:56 . 2012-04-29 08:04 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 13:56 . 2011-06-04 21:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-08 05:03 . 2012-03-13 22:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
    2013-02-08 05:03 . 2007-07-23 16:44 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
    2013-02-08 05:03 . 2007-07-23 16:44 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
    2013-02-08 05:02 . 2010-01-12 12:03 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-08 05:02 . 2008-09-17 22:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-08 05:02 . 2010-01-12 12:03 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-08 05:02 . 2007-07-23 16:44 2389504 ----a-w- c:\windows\system32\nvapi.dll
    2013-02-08 05:02 . 2007-07-23 16:44 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2013-02-08 05:02 . 2010-01-12 12:03 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-01-26 03:55 . 2006-02-28 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-17 01:28 . 2009-10-17 10:47 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-07 01:19 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2006-02-28 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-03 08:44 . 2010-07-09 15:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2013-01-03 08:44 . 2010-07-09 15:24 108984 ----a-w- c:\windows\system32\nvmctray.dll
    2013-01-03 08:44 . 2010-07-09 15:24 156600 ----a-w- c:\windows\system32\nvsvc32.exe
    2013-01-03 08:44 . 2010-07-09 15:24 15515576 ----a-w- c:\windows\system32\nvcpl.dll
    2013-01-03 08:44 . 2010-07-09 15:24 144312 ----a-w- c:\windows\system32\nvcolor.exe
    2013-01-02 06:49 . 2006-02-28 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 16:49 . 2008-11-25 22:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\All Users\Application Data\Search Protection ----
    .
    2013-02-11 10:47 . 2013-02-11 10:47 673192 ----a-w- c:\documents and settings\All Users\Application Data\Search Protection\SearchProtection.exe
    .
    ---- Directory of c:\documents and settings\Frank\Application Data\ElevatedDiagnostics ----
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 413775]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 15:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-18 01:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    2002-07-09 09:50 28672 ----a-w- c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 07:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2013-01-03 08:44 15515576 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    2002-06-03 11:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2010-03-16 21:16 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-05-01 18:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-10-16 17:30 16855552 ----a-w- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 04:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
    2007-01-29 10:00 86016 ----a-w- c:\program files\MAGIX\Movies_on_CD_DVD_6_TerraTec_Edition\Trayserver.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "idsvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "NVSvc"=2 (0x2)
    "NBService"=3 (0x3)
    "MDM"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "WSearch"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 164832]
    R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [25/11/2008 15:00 6272]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13:05 196664]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15/11/2012 23:34 5814904]
    S2 gupdate1c9ae576d11a812;Google Update Service (gupdate1c9ae576d11a812);c:\program files\Google\Update\GoogleUpdate.exe [26/03/2009 21:11 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 161536]
    S3 BS_Flash;BS_Flash;c:\program files\BIOS Update\Award\BS_Flash.sys [25/11/2008 15:00 3604]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/02/2009 21:30 1527900]
    S3 GrabsterSeries.X86;GRABSTER SERIES, Service X86;c:\windows\system32\drivers\GrabsterSeries.X86.SYS [16/02/2009 21:26 310016]
    S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [01/05/2008 08:37 454815]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-05 14:25 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 13:56]
    .
    2013-03-07 c:\windows\Tasks\Backup of Data to Drive F.job
    - c:\windows\system32\ntbackup.exe [2001-08-17 21:36]
    .
    2013-02-27 c:\windows\Tasks\Backup of System Partition.job
    - c:\windows\system32\ntbackup.exe [2001-08-17 21:36]
    .
    2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:11]
    .
    2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 21:11]
    .
    2013-03-07 c:\windows\Tasks\ROC_REG_JAN.job
    - c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
    .
    2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
    - c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.metoffice.gov.uk/public/weather/forecast/glasgow?tab=fiveDay
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\31ezp1p0.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.virginmedia.com/?loc=ff_address_bar&search=
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.search.selectedEngine -
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-07 23:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-560562112-3749280852-3929859953-1010\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-03-08 00:00:20
    ComboFix-quarantined-files.txt 2013-03-08 00:00
    ComboFix2.txt 2013-03-07 21:55
    .
    Pre-Run: 144,318,660,608 bytes free
    Post-Run: 144,304,017,408 bytes free
    .
    - - End Of File - - E631FE520703B78E40E01E57F18A39D6
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,576
    You can delete this folder manually:

    c:\documents and settings\Frank\Application Data\ElevatedDiagnostics


    Please run SystemLook with the following script and post the results:

    Code:
    :filefind
    *searchprotection*
    :folderfind
    *searchprotection*
    :regfind
    searchprotection
     
Short URL to this thread: https://techguy.org/1091784