Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32 Crytpor - 193.104.153.30/download/new1.exe


  • Please log in to reply
1 reply to this topic

#1 budcanfan

budcanfan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 25 January 2010 - 02:42 PM

Hi Guys,

I'm in dire need of some help here. My friend has recently got a message appearing on his AVG Resident Shield every time he turns his router on which says : 193.104.153.30/download/new1.exe and then goes onto say : win32/cryptor svchost.exe

Then after about a minute the computer displays the message that is restarting for safety reason {which is what it is set to do in the xp options}.

I have ran superanti virus and malwarebytes and a full avg scan which found a few adware programs which were moved to the vault and then deleted. The system then tells me that it is clean, i reboot it and the minute i turn the router back on it displays the same message. I have tried restoring a previous system save point but the computer allows me to select one and then when its booting up it tells me that it was unsuccessful. The problem is most of the solutions seem to be run an online scan after running malware bytes etc but this is not possible as it wont allow me enough time to do so. I have checked the processes that are running {using cntrl+alt+delete} but nothing appears to be there that shouldn't be.

Can someone please send me in the right direction to get this infection off of my friends computer, he requires the system for work and i'm trying to get it sorted but to no avail.

I have downloaded the OTL scanner {as recommended for a similar post} and will post the logs tomorrow. If you require any additional information if you could let me know asap then i will try and get it while i'm there tomorrow.

Any help would be gratefully appreciated.

Many Thanks in advance

Dave

Edited by Orange Blossom, 25 January 2010 - 06:00 PM.
Move to AII from HJT. ~ OB


BC AdBot (Login to Remove)

 


#2 budcanfan

budcanfan
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 28 January 2010 - 02:46 PM

Here's the 2 log files from OTL :

OTL logfile created on: 28/01/2010 15:38:48 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Papa Burgundy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 96.26 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 3.60 Gb Free Space | 96.65% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVSPC
Current User Name: Papa Burgundy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 19:20:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Papa Burgundy\Desktop\OTL.exe
PRC - [2009/12/11 09:15:36 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/27 16:07:08 | 01,998,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/26 07:17:50 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/10/26 07:17:44 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/10/26 07:17:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/10/26 07:17:24 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/11 07:31:54 | 01,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/08/07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/08/05 13:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/08/05 13:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/08/05 13:10:56 | 00,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2008/06/17 15:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2008/05/22 14:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/03 19:37:36 | 00,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/02/19 08:22:08 | 01,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 17:29:06 | 00,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/10/11 19:03:10 | 00,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/07/13 10:56:25 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/12 06:00:00 | 00,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE
PRC - [2006/12/29 14:35:00 | 00,049,152 | ---- | M] () -- C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe
PRC - [2005/06/20 13:42:20 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/01 23:16:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/02/11 20:13:12 | 00,200,771 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe
PRC - [2002/07/17 10:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/01/29 21:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 19:20:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Papa Burgundy\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/26 07:17:37 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/02 14:55:36 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/12/29 14:35:00 | 00,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\BT Business Hub\Wireless Configuration\WirelessDaemon.exe -- (Wireless Adapter Configurator)
SRV - [2006/02/21 00:25:28 | 00,581,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/02/20 11:13:54 | 00,145,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/05 19:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/04/04 08:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/04/01 23:16:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/11/03 00:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/02/11 20:13:12 | 00,200,771 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2004/02/11 20:12:32 | 00,434,245 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2002/07/17 10:03:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 21:33:14 | 00,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2009/10/26 07:17:49 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/26 07:17:49 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/26 07:17:45 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/26 07:17:24 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/29 03:18:00 | 00,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 03:17:06 | 00,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 03:15:54 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/06/06 08:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 06:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 06:38:20 | 00,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 06:38:20 | 00,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 18:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/02 13:51:28 | 00,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/17 14:53:26 | 00,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/30 17:07:12 | 00,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2006/12/12 11:28:26 | 00,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 09:53:54 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2005/12/01 20:14:20 | 00,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/06/20 14:08:44 | 02,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/24 14:00:37 | 00,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2005/04/05 19:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 19:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 19:16:58 | 00,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 19:16:56 | 00,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 19:16:54 | 00,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 19:16:52 | 00,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/04/01 23:16:00 | 03,454,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/10/15 03:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/19 14:21:00 | 00,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/22 06:17:04 | 00,018,004 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2004/02/11 20:08:08 | 00,054,432 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2004/02/11 20:08:07 | 00,054,432 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\defrag32.sys -- (Defrag32)
DRV - [2001/08/17 20:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [1997/04/22 17:16:00 | 00,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rls=ig
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 DB 5C A8 97 12 CA 01 [binary data]
IE - HKU\S-1-5-21-117609710-1547161642-839522115-1004\S-1-5-21-117609710-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..keyword.URL: "http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:45:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/23 16:00:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 16:00:34 | 00,000,000 | ---D | M]

[2010/01/23 16:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Papa Burgundy\Application Data\Mozilla\Extensions
[2010/01/23 16:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Papa Burgundy\Application Data\Mozilla\Firefox\Profiles\mqki6coq.default\extensions
[2008/12/12 18:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Application Data\Mozilla\Firefox\Profiles\mqki6coq.default\searchplugins\MySpace.xml
[2010/01/21 17:19:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/28 08:15:38 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/28 08:15:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2007/11/20 16:52:00 | 02,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010/01/16 00:55:13 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 00,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKU\S-1-5-21-117609710-1547161642-839522115-1004..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-117609710-1547161642-839522115-1004..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-117609710-1547161642-839522115-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-117609710-1547161642-839522115-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-117609710-1547161642-839522115-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Papa Burgundy\Start Menu\Programs\Startup\Seagate 2GHJ4BQ6 Product Registration.lnk = C:\Documents and Settings\Papa Burgundy\Application Data\Leadertech\PowerRegister\Seagate 2GHJ4BQ6 Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .fpx - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll File not found
O12 - Plugin for: .ivr - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-117609710-1547161642-839522115-1004\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://junkyardg0d.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab (Sinstaller Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - http://farm3.static.flickr.com/2121/242197..._74056f5f74.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Papa Burgundy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Papa Burgundy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/20 16:09:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2419a9ba-412e-11de-b26d-00e0207d06a7}\Shell\AutoRun\command - "" = RavMon.exe
O33 - MountPoints2\{2419a9ba-412e-11de-b26d-00e0207d06a7}\Shell\explore\Command - "" = RavMon.exe -e
O33 - MountPoints2\{2419a9ba-412e-11de-b26d-00e0207d06a7}\Shell\open\Command - "" = RavMon.exe
O33 - MountPoints2\{4500e3c7-89e9-11dc-b07c-00e0207d06a7}\Shell - "" = AutoRun
O33 - MountPoints2\{4500e3c7-89e9-11dc-b07c-00e0207d06a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4500e3c7-89e9-11dc-b07c-00e0207d06a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{698dc699-2f2e-11de-b252-000272b00026}\Shell - "" = AutoRun
O33 - MountPoints2\{698dc699-2f2e-11de-b252-000272b00026}\Shell\Auto\command - "" = RavMon.exe
O33 - MountPoints2\{698dc699-2f2e-11de-b252-000272b00026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba14dfe-a8f9-11de-93cc-00e0207d06a7}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba14dfe-a8f9-11de-93cc-00e0207d06a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba14dfe-a8f9-11de-93cc-00e0207d06a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a93f9cee-67c0-11de-9381-00e0207d06a7}\Shell - "" = AutoRun
O33 - MountPoints2\{a93f9cee-67c0-11de-9381-00e0207d06a7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a93f9cee-67c0-11de-9381-00e0207d06a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fb269820-941e-11dc-b087-000272b00026}\Shell - "" = AutoRun
O33 - MountPoints2\{fb269820-941e-11dc-b087-000272b00026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fb269820-941e-11dc-b087-000272b00026}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/28 15:34:26 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Papa Burgundy\Desktop\OTL.exe
[2010/01/27 16:38:16 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/01/23 12:32:24 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/23 12:32:24 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/23 12:32:24 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/23 12:32:24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/23 12:32:08 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/23 12:17:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 12:15:58 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/23 10:30:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 17:20:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\My Documents\Downloads
[2010/01/21 16:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\Application Data\Malwarebytes
[2010/01/21 16:23:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 16:23:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 16:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 15:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/21 15:15:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\Application Data\SUPERAntiSpyware.com
[2010/01/21 15:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/21 15:15:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/21 15:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\Desktop\tools
[2010/01/20 08:22:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\My Documents\Unused Desktop Shortcuts
[2010/01/13 08:19:14 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/09 08:41:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Papa Burgundy\Application Data\Brother
[2010/01/03 15:42:07 | 00,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05a.dll
[2010/01/03 15:41:57 | 00,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2010/01/03 15:41:57 | 00,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2010/01/03 15:41:57 | 00,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2010/01/03 15:41:57 | 00,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2010/01/02 09:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Papa Burgundy\Local Settings\Application Data\Scansoft
[2010/01/01 18:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2010/01/01 18:35:40 | 00,052,224 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerIf.sys
[2010/01/01 18:35:40 | 00,011,904 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSer.sys
[2010/01/01 18:35:39 | 01,522,176 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia08a.dll
[2010/01/01 18:35:39 | 00,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2010/01/01 18:35:39 | 00,045,056 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi08a.dll
[2010/01/01 18:35:39 | 00,015,295 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrScnUsb.sys
[2010/01/01 18:35:32 | 00,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2010/01/01 18:35:10 | 00,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/01/01 18:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/01/01 18:33:00 | 00,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/01/01 18:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/01/01 18:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/01/01 18:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/01/01 18:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/01 18:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/10/24 16:16:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/24 16:16:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/24 16:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/24 16:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/19 09:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/11/24 18:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/28 15:27:53 | 00,021,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/28 15:23:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 15:23:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 15:23:12 | 36,902,54336 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 15:18:17 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Papa Burgundy\NTUSER.DAT
[2010/01/28 15:18:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Papa Burgundy\ntuser.ini
[2010/01/28 14:57:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/01/28 13:59:00 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/28 12:00:04 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2010/01/28 09:06:29 | 00,013,766 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 16:44:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/27 16:44:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/27 09:40:43 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/27 09:25:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/27 09:25:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/27 08:58:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/27 08:58:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/26 18:15:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/26 18:15:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/26 17:43:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/25 19:20:00 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Papa Burgundy\Desktop\OTL.exe
[2010/01/25 18:42:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/01/25 18:42:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/23 18:31:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/23 18:31:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/23 16:10:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/23 16:10:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/23 15:46:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/01/23 15:46:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/23 15:38:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/01/23 15:38:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/23 15:34:49 | 00,001,341 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Start Menu\Programs\Startup\Seagate 2GHJ4BQ6 Product Registration.lnk
[2010/01/23 15:29:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/01/23 15:29:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/01/23 12:10:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/23 12:10:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/23 11:58:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/23 11:58:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/22 19:13:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/22 19:13:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/22 18:34:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/22 18:34:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/22 17:05:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/22 17:05:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/22 13:15:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/22 13:15:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/22 12:31:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/22 12:31:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/21 17:45:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/21 17:45:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/21 17:29:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/21 17:29:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/21 17:25:56 | 54,461,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/21 17:18:50 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/21 17:12:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/21 17:12:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/21 16:23:47 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 15:15:31 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/01/20 08:22:49 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/16 10:48:02 | 00,002,525 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Desktop\Launch Google Earth.lnk
[2010/01/13 17:07:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 16:55:49 | 00,433,247 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Application Data\NMM-MetaData.db
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:51:50 | 00,000,290 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Desktop\Shortcut to Expansion Drive (H).lnk
[2010/01/03 15:44:33 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2010/01/03 15:44:11 | 00,000,245 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/01/03 15:44:11 | 00,000,094 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2010/01/03 15:43:57 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/03 15:43:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010/01/03 15:42:16 | 00,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2010/01/03 15:42:16 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/01/03 11:17:36 | 00,084,528 | ---- | M] () -- C:\Documents and Settings\Papa Burgundy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/02 09:50:33 | 00,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/31 16:04:31 | 06,428,820 | -H-- | M] () -- C:\Documents and Settings\Papa Burgundy\Local Settings\Application Data\IconCache.db
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 12:32:24 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/23 12:32:24 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/23 12:32:24 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/23 12:32:24 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/23 12:32:24 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 17:18:50 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/21 16:23:47 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 15:15:31 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/01/03 15:44:33 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2010/01/03 15:44:11 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/01/03 15:44:11 | 00,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/01/03 15:43:57 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/03 15:43:57 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/01/03 15:42:07 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/01/03 15:42:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/01/01 18:35:41 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/01/01 18:35:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/01/01 18:32:31 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/30 12:05:55 | 00,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2009/03/30 12:05:55 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2009/03/30 12:04:09 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/03/30 12:04:09 | 00,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2008/10/25 12:54:58 | 00,433,247 | ---- | C] () -- C:\Documents and Settings\Papa Burgundy\Application Data\NMM-MetaData.db
[2007/12/16 16:07:18 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/16 16:00:01 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
[2007/10/22 13:31:00 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/10 11:49:39 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/05/01 15:48:36 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/03/29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/09/29 20:49:30 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 19:46:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/04/20 20:19:03 | 00,028,747 | ---- | C] () -- C:\WINDOWS\System32\KMemoryMMX.dll
[2006/04/20 20:19:03 | 00,024,632 | ---- | C] () -- C:\WINDOWS\System32\KMemory.dll
[2006/04/20 20:19:03 | 00,020,546 | ---- | C] () -- C:\WINDOWS\System32\KMemoryC.dll
[2006/04/20 20:19:02 | 00,024,653 | ---- | C] () -- C:\WINDOWS\System32\KMemoryPIII.dll
[2006/04/20 20:18:42 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2006/04/20 20:18:42 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/04/20 20:18:42 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/04/20 20:18:42 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2006/04/20 20:18:42 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/03/25 17:55:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2006/03/25 17:55:26 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2006/03/25 17:55:26 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2006/02/13 19:27:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2006/01/24 19:14:31 | 00,000,107 | ---- | C] () -- C:\WINDOWS\nokiaimageconverter.INI
[2005/10/14 09:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 09:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 09:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 09:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 09:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 09:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 09:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/08/12 21:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/22 16:14:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/05/20 05:52:22 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\mcc16.dll
[2005/05/18 12:59:43 | 00,088,064 | ---- | C] () -- C:\Documents and Settings\Papa Burgundy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/27 12:46:31 | 00,000,485 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/23 14:57:26 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/04/23 14:55:14 | 00,005,200 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/04/23 14:55:11 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/04/01 23:16:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/10/12 05:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 05:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 05:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 05:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 07:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 16:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
< End of report >


and the extra one

OTL Extras logfile created on: 28/01/2010 15:38:48 - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Papa Burgundy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 96.26 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.73 Gb Total Space | 3.60 Gb Free Space | 96.65% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVSPC
Current User Name: Papa Burgundy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007DD97C-36DC-4C25-9B1C-7D22AC483D50}" = Reg Tool
"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E}" = PerfectDisk
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{20120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Edition 12 [pre-release]
"{20120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI Edition (English) 12 [pre-release]
"{20120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI Edition (English) 12 [pre-release]
"{20120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release]
"{20120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI Edition (English) 12 [pre-release]
"{20120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI Edition (English) 12 [pre-release]
"{20120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI Edition (English) 12 [pre-release]
"{20120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof Edition (English) 12 [pre-release]
"{20120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof Edition (French) 12 [pre-release]
"{20120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof Edition (Spanish) 12 [pre-release]
"{20120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI Edition (English) 12 [pre-release]
"{20120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI Edition (English) 12 [pre-release]
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{221E5BB1-E4B5-485A-A74B-5D4D5BF21E62}" = Motorola Driver Installation 3.8.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{958E2B23-6146-4A21-9532-9F59049E9B35}" = Motorola Phone Tools
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS Probe V2.23.03" = ASUS Probe V2.23.03
"AVG8Uninstall" = AVG 8.5
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"BT Business Hub" = BT Business Hub
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"CDisplay_is1" = CDisplay 1.8
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"Digital Camera Driver" = Digital Camera Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Userís Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix3DSetup.exe" = Matrix3DSetup.exe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PRO" = Microsoft Office Professional Enterprise 2007 (Beta)
"Smart Audio Converter_is1" = Smart Audio Converter
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/01/2010 12:14:14 | Computer Name = KEVSPC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02a0f7a0.

Error - 23/01/2010 12:14:52 | Computer Name = KEVSPC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02a4f7a0.

Error - 23/01/2010 12:19:40 | Computer Name = KEVSPC | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/01/2010 04:57:27 | Computer Name = KEVSPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02a4f7a0.

Error - 27/01/2010 05:01:22 | Computer Name = KEVSPC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02a4f7a0.

Error - 27/01/2010 05:24:19 | Computer Name = KEVSPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0248f7a0.

Error - 27/01/2010 05:28:48 | Computer Name = KEVSPC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0248f7a0.

Error - 27/01/2010 05:38:24 | Computer Name = KEVSPC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0248f7a0.

Error - 28/01/2010 11:02:03 | Computer Name = KEVSPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/01/2010 11:02:03 | Computer Name = KEVSPC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 28/01/2010 11:00:13 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).

Error - 28/01/2010 11:00:20 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 28/01/2010 11:04:11 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 28/01/2010 11:04:30 | Computer Name = KEVSPC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 28/01/2010 11:04:30 | Computer Name = KEVSPC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 28/01/2010 11:17:10 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 28/01/2010 11:17:10 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 28/01/2010 11:23:23 | Computer Name = KEVSPC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 28/01/2010 11:23:41 | Computer Name = KEVSPC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 28/01/2010 11:23:41 | Computer Name = KEVSPC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


Any help on this matter would be great as when i went down today it no longer lets you boot in safe mode and when the PC actually boots up there are no desktop items anymore so have to force it to load explorer. I'm thinking i may need to format the drive and start from scratch.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users