
Windows failing to boot up properly


  • This topic is locked
29 replies to this topic

#1 chindo

  • Members
  • 19 posts

Posted 19 May 2012 - 05:47 PM

Hi there,

I've been having this problem for a few weeks now. Whenever I turn on my PC, Windows is really struggling to boot up. It'll often get to the 'loading' XP graphic and then just re-boot. It can sometimes repeat this process 6 or 7 times before it finally manages to get past this stage and boot up properly.

I've also had a problem of my computer completely crashing, but whether this is related or not I'm not sure.

I've attached / pasted the contents of the DDS reports as instructed. However, I have tried to run the GMER scan 3 times now, but each time it has crashed my computer and so I cannot complete the scan unfortunately.

Any help on this matter would be greatly appreciated!




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by STUART at 20:55:25 on 2012-05-18
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.729 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AutoShutdown\autoshutdown2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local;*.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AutoShutdown] c:\program files\autoshutdown\autoshutdown2.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Google Update] "c:\documents and settings\stuart\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\stuart\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
uPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{677D8379-8553-46E8-B031-F65D891ACD54} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stuart\application data\mozilla\firefox\profiles\0x6m2f27.default\
FF - prefs.js: network.proxy.http - 202.28.66.115:8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\stuart\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2010-3-24 16640]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-3-30 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-13 232512]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\digifilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2010-4-25 4224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-23 136176]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\webcamdv.sys --> c:\windows\system32\drivers\WebCamDV.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 257696]
S3 cpuz132;cpuz132;\??\c:\docume~1\stuart\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\stuart\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-23 136176]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\jakndis.sys --> c:\windows\system32\drivers\JakNDis.sys [?]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-14 06:28:27 -------- d-----w- C:\OEMSettings
2012-05-07 10:21:29 -------- d-----w- c:\program files\BitDefender.Internet.Security.2012.Build.15.0.37.1560 with activator
2012-05-06 15:54:52 -------- d-----w- C:\Man vs Food - Season 1 - eluXX
2012-05-06 15:54:12 -------- d-----w- C:\Man vs Food - Season 2 - eluXX
2012-04-30 06:57:46 -------- d-----w- C:\WWE.Extreme.Rules.2012.HDTV.x264-EViLCREW
2012-04-27 19:19:41 -------- d-----w- C:\The Franchise - A Season with the San Francisco Giants Part 6
2012-04-27 19:16:33 -------- d-----w- C:\The Franchise - A Season with the San Francisco Giants Part 5
2012-04-22 22:53:19 -------- d-----w- C:\Elvis Presley - Elvis-February 1970
2012-04-22 22:30:12 -------- d-----w- C:\Elvis Presley - Elvis Live In Houston-November 12, 1971
.
==================== Find3M ====================
.
2012-05-05 00:08:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:08:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:17:49 6267832 ----a-w- c:\program files\HSS-2.52-install-p79-338-conduit.exe
2012-04-04 19:16:31 272200 ----a-w- c:\program files\DM-338.exe
2012-04-04 18:16:14 908576 ----a-w- c:\program files\chromeinstall-6u31.exe
2012-03-26 21:45:14 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-24 17:29:23 837048 ----a-w- c:\program files\dfsetup.exe
2012-03-19 20:02:08 73 ----a-w- c:\windows\system32\ssprs.dll
2012-03-19 20:02:08 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-03-11 13:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-26 04:39:33 273392 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-02-26 04:39:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-02-26 04:39:20 273392 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-01-27 01:24:07 51696216 ----a-w- c:\program files\SplitCamSetup.exe
2012-01-22 21:40:10 15033280 ----a-w- c:\program files\Dropbox 1.2.49.exe
2012-01-08 16:31:12 463080 ----a-w- c:\program files\cnet2_wcdv_2_1_exe.exe
2011-12-21 20:54:42 12912352 ----a-w- c:\program files\ManyCam.exe
2011-09-18 19:52:06 99502128 ----a-w- c:\program files\275.36-Quadro-winxp-32bit-international-whql.exe
2011-09-13 15:27:35 11527296 ----a-w- c:\program files\DTLite4413-0173.exe
2011-09-08 15:19:40 99690640 ----a-w- c:\program files\275.89-quadro-tesla-winxp-32bit-international-whql.exe
2011-09-01 11:10:24 3894928 ----a-w- c:\program files\avg_free_stb_all_2012_1796_cnet.exe
2011-08-13 23:26:35 59451093 ----a-w- c:\program files\XviD4PSP_5.10.250.0_2011-08-05_rc22.exe
2011-08-13 23:19:22 6105296 ----a-w- c:\program files\XviD4PSP_603.exe
2011-08-03 14:21:52 607017 ----a-w- c:\program files\dds.scr
2011-04-20 19:50:00 270800 ----a-w- c:\program files\DM-244.exe
2011-04-03 20:13:54 884512 ----a-w- c:\program files\chromeinstall-6u24.exe
2011-03-16 22:56:46 4758096 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2011-02-28 05:54:03 7351496 ----a-w- c:\program files\msnm70.exe
2011-02-28 05:35:09 1286504 ----a-w- c:\program files\wlsetup-web.exe
2011-02-12 01:51:13 6275960 ----a-w- c:\program files\Silverlight.exe
2011-01-23 19:09:40 164504 ----a-w- c:\program files\memtest.bin
2010-09-30 18:14:15 36868 ----a-w- c:\program files\uninst-shine.exe
2010-07-03 16:58:39 4182178 ----a-w- c:\program files\Avisynth_258.exe
2010-06-27 20:51:59 2945816 ----a-w- c:\program files\dotnetfx3setup.exe
2010-06-07 13:37:50 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2010-04-25 20:46:39 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2010-04-25 20:42:54 521568 ----a-w- c:\program files\GPU-Z.0.4.2.exe
2010-04-23 14:28:32 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-04-23 14:27:01 4886870 ----a-w- c:\program files\HandBrake-0.9.4-Win_GUI.exe
2010-04-19 23:48:40 156904 ----a-w- c:\program files\RapportSetup.exe
2010-04-16 01:19:45 445632 ----a-w- c:\program files\debutsetup.exe
2010-04-13 00:06:00 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-11 18:04:14 600680 ----a-w- c:\program files\nvudisp.exe
2010-04-11 18:04:14 535552 ----a-w- c:\program files\ISSetup.dll
2010-04-11 18:04:14 509 ----a-w- c:\program files\layout.bin
2010-04-11 18:04:14 4315496 ----a-w- c:\program files\PDsetup.exe
2010-04-11 18:04:14 148416 ----a-w- c:\program files\_setup.dll
2010-04-09 13:35:42 2668544 ----a-w- c:\program files\VirtualDub.exe
2010-04-09 13:35:18 8704 ----a-w- c:\program files\vdub.exe
2010-04-09 13:35:18 69632 ----a-w- c:\program files\auxsetup.exe
2010-04-09 13:35:16 73728 ----a-w- c:\program files\vdremote.dll
2010-04-09 13:35:16 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-04-09 13:34:54 65536 ----a-w- c:\program files\vdsvrlnk.dll
2010-03-30 18:27:24 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2008-04-24 17:01:54 1352 ----a-w- c:\program files\dvbuffers.bat
2004-11-01 10:19:48 3118262 ----a-w- c:\program files\Setup.exe
2004-04-25 10:57:24 210109 ----a-w- c:\program files\rpc412_setup.exe
2002-06-21 16:54:48 155648 ----a-w- c:\program files\DVD2AVI.vfp
2000-07-01 12:12:18 48640 ----a-w- c:\program files\DeinterlacePALMovie.vdf
.
============= FINISH: 20:56:19.73 ===============


 


#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 24 May 2012 - 06:03 AM

Hi there,

Before we attempt the fixing process, I would like to draw your attention to this:

c:\program files\BitDefender.Internet.Security.2012.Build.15.0.37.1560 with activator

It looks as though you have downloaded a cracked version of BitDefender. This is not only against BleepingComputer's board rules but most likely, depending on your location, illegal.

Before I help you, I request that you delete this file and any other files which are cracked or wares. I also ask that you uninstall any programs which are cracked.

Casey

Edited by Casey_boy, 24 May 2012 - 06:03 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


#3 chindo

  • Topic Starter

  • Members
  • 19 posts

Posted 24 May 2012 - 01:40 PM

Hi Casey,

Thank you for your reply. I have deleted the file you told me to, the only reason I have it is because I was getting desperate trying to find a solution to my problem and I was getting concerned that my AVG Anti-Virus wasn't working properly. Not an excuse, I know, but luckily I never got round to actually installing it (always been a bit sceptical with those versions) and so I have deleted it outright.

Sorry about that,

Chindo

#4 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 24 May 2012 - 04:08 PM

Okay great :)

"the only reason I have it is because I was getting desperate trying to find a solution to my problem and I was getting concerned that my AVG Anti-Virus wasn't working properly. Not an excuse, I know, but luckily I never got round to actually installing it (always been a bit sceptical with those versions)"


I can understand your anxiety but you're wise to be sceptical. Cracked programs are often packed with malware too and it's a very common route to getting infected in the first place.

 

Whilst we work on the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

 

So, let's start the clean up process...


Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey



#5 chindo

  • Topic Starter

  • Members
  • 19 posts

Posted 27 May 2012 - 07:12 AM

Hi Casey,

I ran ComboFix as instructed and here is the log it generated:




ComboFix 12-05-26.02 - STUART 26/05/2012 10:27:47.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1435 [GMT 1:00]
Running from: c:\documents and settings\STUART\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\STUART\Application Data\CC77F8K061.txt
c:\documents and settings\STUART\Application Data\ME86JleEk7.txt
c:\program files\275.36-Quadro-winxp-32bit-international-whql.exe
c:\program files\275.89-quadro-tesla-winxp-32bit-international-whql.exe
c:\program files\avg_free_stb_all_2012_1796_cnet.exe
c:\program files\DTLite4413-0173.exe
c:\program files\Setup.exe
c:\program files\XviD4PSP_5.10.250.0_2011-08-05_rc22.exe
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-21 06:33 . 2012-05-21 06:33 -------- d-----w- C:\OEMSettings
2012-05-20 11:42 . 2012-05-20 12:32 -------- d-----w- c:\program files\PeerBlock
2012-05-20 11:42 . 2012-05-20 11:41 2105040 ----a-w- c:\program files\PeerBlock-Setup_v1.1_r518.exe
2012-05-19 17:16 . 2012-05-19 17:19 -------- d-----w- c:\program files\M-c4d13
2012-05-06 15:54 . 2012-05-06 16:06 -------- d-----w- C:\Man vs Food - Season 1 - eluXX
2012-05-06 15:54 . 2012-05-06 15:54 -------- d-----w- C:\Man vs Food - Season 2 - eluXX
2012-04-27 19:19 . 2012-04-27 20:25 -------- d-----w- C:\The Franchise - A Season with the San Francisco Giants Part 6
2012-04-27 19:16 . 2012-04-27 21:18 -------- d-----w- C:\The Franchise - A Season with the San Francisco Giants Part 5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:08 . 2012-04-15 18:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 00:08 . 2011-11-05 01:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-13 23:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 00:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:17 . 2012-04-04 19:16 6267832 ----a-w- c:\program files\HSS-2.52-install-p79-338-conduit.exe
2012-04-04 19:16 . 2012-04-04 19:16 272200 ----a-w- c:\program files\DM-338.exe
2012-04-04 18:16 . 2012-04-04 18:13 908576 ----a-w- c:\program files\chromeinstall-6u31.exe
2012-03-26 21:45 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-24 17:29 . 2012-03-24 17:29 837048 ----a-w- c:\program files\dfsetup.exe
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-01 11:01 . 2008-04-14 04:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 04:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 04:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 04:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 04:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-13 23:07 385024 ----a-w- c:\windows\system32\html.iec
2012-01-27 01:24 . 2012-01-27 01:22 51696216 ----a-w- c:\program files\SplitCamSetup.exe
2012-01-22 21:40 . 2012-01-22 21:38 15033280 ----a-w- c:\program files\Dropbox 1.2.49.exe
2012-01-08 16:31 . 2012-01-08 16:31 463080 ----a-w- c:\program files\cnet2_wcdv_2_1_exe.exe
2011-12-21 20:54 . 2011-12-21 20:54 12912352 ----a-w- c:\program files\ManyCam.exe
2011-08-13 23:19 . 2011-08-13 23:19 6105296 ----a-w- c:\program files\XviD4PSP_603.exe
2011-08-03 14:21 . 2011-08-03 14:21 607017 ----a-w- c:\program files\dds.scr
2011-04-20 19:50 . 2011-04-20 19:49 270800 ----a-w- c:\program files\DM-244.exe
2011-04-03 20:13 . 2011-04-03 20:13 884512 ----a-w- c:\program files\chromeinstall-6u24.exe
2011-03-16 22:56 . 2011-03-16 22:56 4758096 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2011-02-28 05:54 . 2011-02-28 05:51 7351496 ----a-w- c:\program files\msnm70.exe
2011-02-28 05:35 . 2011-02-28 05:34 1286504 ----a-w- c:\program files\wlsetup-web.exe
2011-02-12 01:51 . 2011-02-12 01:51 6275960 ----a-w- c:\program files\Silverlight.exe
2011-01-23 19:09 . 2011-09-13 15:20 164504 ----a-w- c:\program files\memtest.bin
2010-09-30 18:14 . 2010-09-30 18:14 36868 ----a-w- c:\program files\uninst-shine.exe
2010-07-03 16:58 . 2010-07-03 16:58 4182178 ----a-w- c:\program files\Avisynth_258.exe
2010-06-27 20:51 . 2010-06-27 20:51 2945816 ----a-w- c:\program files\dotnetfx3setup.exe
2010-06-07 13:37 . 2010-06-07 13:37 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2010-04-25 20:46 . 2010-04-25 20:46 2841613 ----a-w- c:\program files\RivaTuner224c-[Guru3D.com].exe
2010-04-25 20:42 . 2010-04-25 20:42 521568 ----a-w- c:\program files\GPU-Z.0.4.2.exe
2010-04-23 14:28 . 2010-04-23 14:28 23510720 ----a-w- c:\program files\dotnetfx.exe
2010-04-23 14:27 . 2010-04-23 14:26 4886870 ----a-w- c:\program files\HandBrake-0.9.4-Win_GUI.exe
2010-04-19 23:48 . 2010-04-19 23:48 156904 ----a-w- c:\program files\RapportSetup.exe
2010-04-16 01:19 . 2011-01-24 15:39 445632 ----a-w- c:\program files\debutsetup.exe
2010-04-13 00:06 . 2010-04-13 00:05 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
2010-04-11 18:04 . 2010-04-25 21:30 600680 ----a-w- c:\program files\nvudisp.exe
2010-04-11 18:04 . 2010-04-25 21:30 535552 ----a-w- c:\program files\ISSetup.dll
2010-04-11 18:04 . 2010-04-25 21:30 4315496 ----a-w- c:\program files\PDsetup.exe
2010-04-11 18:04 . 2010-04-25 21:30 148416 ----a-w- c:\program files\_setup.dll
2010-04-11 18:04 . 2010-04-25 21:30 509 ----a-w- c:\program files\layout.bin
2010-04-09 13:35 . 2010-04-12 18:43 2668544 ----a-w- c:\program files\VirtualDub.exe
2010-04-09 13:35 . 2010-04-12 18:43 8704 ----a-w- c:\program files\vdub.exe
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\auxsetup.exe
2010-04-09 13:35 . 2010-04-12 18:43 73728 ----a-w- c:\program files\vdremote.dll
2010-04-09 13:35 . 2010-04-12 18:43 69632 ----a-w- c:\program files\vdicmdrv.dll
2010-04-09 13:34 . 2010-04-12 18:43 65536 ----a-w- c:\program files\vdsvrlnk.dll
2010-03-30 18:27 . 2010-03-30 18:27 13525424 ----a-w- c:\program files\Dropbox 0.7.110.exe
2008-04-24 17:01 . 2010-04-25 22:25 1352 ----a-w- c:\program files\dvbuffers.bat
2004-04-25 10:57 . 2010-04-28 21:41 210109 ----a-w- c:\program files\rpc412_setup.exe
2002-06-21 16:54 . 2010-04-12 18:46 155648 ----a-w- c:\program files\DVD2AVI.vfp
2000-07-01 12:12 . 2010-04-23 14:32 48640 ----a-w- c:\program files\DeinterlacePALMovie.vdf
2011-12-29 13:17 . 2011-09-13 17:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\STUART\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoShutdown"="c:\program files\AutoShutdown\autoshutdown2.exe" [2001-05-15 572416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-26 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-26 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\STUART\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\STUART\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^STUART^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\STUART\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-24 18:20 136176 ----atw- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\STUART\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"Windows Live Guards"= c:\program files\winlogon.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\STUART\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [24/03/2010 16:00 16640]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:15 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 14:48 71440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [30/03/2010 00:34 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 14:13 38144]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 14:48 931640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/09/2011 16:29 232512]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [29/09/2011 08:04 21632]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 16:02 287232]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [25/04/2010 22:20 4224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 02:40 136176]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2012 19:08 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 02:40 136176]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 14:00 21520]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 14:48 56208]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 14:48 164112]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [17/09/2004 11:38 12800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/03/2010 00:27 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 00:08]
.
2012-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-05-20 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2012-01-29 02:34]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 01:40]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 01:40]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003Core.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003UA.job
- c:\documents and settings\STUART\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 18:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\
FF - prefs.js: network.proxy.http - 202.28.66.115:8080
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 11:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,2c,2f,42,db,46,22,41,b1,a6,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,1c,9a,fc,a7,59,91,c2,20,d5,4d,dc,12,96,18,9e,73,1e,c1,00,ee,
f0,9d,41,e7,fa,65,d6,a5,9f,51,ce,7c,9d,58,65,a3,d4,3d,23,64,3d,95,cd,f8,64,\
.
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="65478:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
.
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="40z7dU0000\02?34867"
"NoPollSucceed"="{D6FAD53D-854E-1B96-5F93-3F30E3A332BC}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455789:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 1.1]
@DACL=
"dat"="806585365:{80C6EEB1-8D38-8964-B7F1-0987F8F4966B}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455810:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{F58F1714-975B-665F-32F0-732C04CFEE3A}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232149:{DED00951-421A-6979-81D7-907A400CCF2D}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1A31BD10-982C-2EAC-8D06-40D4BDCF799A}\Version 3.x]
@DACL=
"dat"="1767914624:{EA95ABB1-394B-ED1C-8412-6D6A8F00C22A}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="4063?8c68T:e956"
"ChkAppHelp"="{E675F62A-F879-0E74-F91C-CB7006FB4152}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714858:{51082288-9B81-1CD4-6722-3BF34B2D521F}"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ae,e3,c3,c7,11,c2,11,0c,a9,bd,c0,47,03,4f,ee,0c,32,84,72,7c,4e,
bc,bd,e3,6a,93,f0,10,7a,fe,3e,63,a3,dd,d1,39,49,54,2a,58,3b,41,40,6c,1e,81,\
.
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{E1AD22BD-D0FB-0229-1EA5-50D91248E7CF}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521854:{4E101126-56DF-3490-DAB0-FA8DAC23D224}"
.
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="4:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
Completion time: 2012-05-26 11:06:41
ComboFix-quarantined-files.txt 2012-05-26 10:06
.
Pre-Run: 226,460,389,376 bytes free
Post-Run: 230,073,331,712 bytes free
.
- - End Of File - - 10FE3F6A69FD5D835EBCB32D64339826

#6 Casey_boy

  • Malware Response Team

Posted 28 May 2012 - 04:50 AM

Hi,

Step 1: How is the PC running now?

Step 2: Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 3: I notice you have a proxy server set in Firefox - is this intentional?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#7 chindo


Posted 29 May 2012 - 12:58 PM

Hi Casey,

1. The PC is still a bit temperamental as it is still taking a couple of attempts to boot up properly. I've started to notice that occasionally the program I use to connect wirelessly to the internet (Netgear Smart Wizard) isn't functioning when I boot up the computer too. As a result I have to uninstall and then reinstall the software. This has only happened a handful of times but it just seems a little odd.

2. Thank you for the advice on that, I don't really use the program anymore so I have uninstalled it as per your advice.

3. I didn't know I had a proxy server set on FireFox (I generally use Chrome now anyway) so no, I can't say that that is intentional.

Thanks again,

Chindo

#8 Casey_boy


Posted 29 May 2012 - 05:10 PM

Okie doke, let's get another look at your PC with some other tools:

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey



#9 Casey_boy


Posted 01 June 2012 - 07:18 AM

Hi,

This is a 3 day bump, hopefully you're still with me but if I do not receive a response within 2 days this topic will be closed as stale.

Casey



#10 chindo


Posted 03 June 2012 - 07:37 AM

Hi Casey,

Sorry I haven't replied, it's been a long and busy end to the week! I'm going to complete the new instructions you have given me today though so I shall have the reports up shortly.

Chindo

#11 chindo


Posted 03 June 2012 - 08:48 AM

OK, so here are the results.

1. TDSSKiller came up with nothing found.

2. OTL report:



OTL logfile created on: 03/06/2012 14:19:50 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\STUART\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.15% Memory free
3.91 Gb Paging File | 2.35 Gb Available in Paging File | 60.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 211.52 Gb Free Space | 45.41% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 190.36 Gb Free Space | 40.87% Space Free | Partition Type: NTFS
Drive J: | 232.83 Gb Total Space | 26.98 Gb Free Space | 11.59% Space Free | Partition Type: FAT32

Computer Name: STURAT-3BEA007B | User Name: STUART | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 14:19:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STUART\Desktop\OTL.exe
PRC - [2012/05/29 23:22:19 | 001,227,288 | ---- | M] (Google Inc.) -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/13 15:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009/01/07 12:11:46 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/12/11 15:38:04 | 002,322,432 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2001/05/15 13:09:46 | 000,572,416 | ---- | M] (Sundagger Solutions Co.) -- C:\Program Files\AutoShutdown\autoshutdown2.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/29 23:22:18 | 000,436,760 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\ppgooglenaclpluginchrome.dll
MOD - [2012/05/29 23:22:15 | 003,989,016 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\pdf.dll
MOD - [2012/05/29 23:21:01 | 000,526,872 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\libglesv2.dll
MOD - [2012/05/29 23:20:59 | 000,104,984 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\libegl.dll
MOD - [2012/05/29 23:20:50 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avutil-51.dll
MOD - [2012/05/29 23:20:48 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avformat-54.dll
MOD - [2012/05/29 23:20:47 | 002,387,496 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avcodec-54.dll
MOD - [2012/05/29 22:28:31 | 009,252,000 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\gcswf32.dll
MOD - [2012/05/28 21:50:10 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2011/12/12 05:33:52 | 000,498,760 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files\Last.fm\srv_rtaudioplayback.dll
MOD - [2010/10/27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files\Last.fm\ext_messengernotify.dll
MOD - [2010/10/27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files\Last.fm\ext_skypenotify.dll
MOD - [2010/10/27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files\Last.fm\srv_madtranscode.dll
MOD - [2010/10/27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files\Last.fm\srv_httpinput.dll
MOD - [2010/10/27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files\Last.fm\LastFmFingerprint1.dll
MOD - [2010/10/27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files\Last.fm\breakpad.dll
MOD - [2010/10/27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Last.fm\Moose1.dll
MOD - [2010/10/27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files\Last.fm\LastFmTools1.dll
MOD - [2010/10/27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files\Last.fm\libfftw3f-3.dll
MOD - [2010/10/27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files\Last.fm\zlibwapi.dll
MOD - [2010/02/10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/11 15:38:04 | 002,322,432 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008/12/11 10:13:32 | 000,053,248 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008/04/16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files\Last.fm\QtNetwork4.dll
MOD - [2008/04/16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files\Last.fm\QtSql4.dll
MOD - [2008/04/16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files\Last.fm\QtGui4.dll
MOD - [2008/04/16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files\Last.fm\QtXml4.dll
MOD - [2008/04/16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files\Last.fm\QtCore4.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qmng4.dll
MOD - [2008/04/02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qgif4.dll
MOD - [2008/04/02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Last.fm\imageformats\qjpeg4.dll
MOD - [2007/09/14 10:27:14 | 000,024,576 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/12/15 11:30:38 | 000,966,765 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 01:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/13 15:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/29 16:36:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/07 12:11:46 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 05:42:30 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 05:42:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 05:41:58 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 05:41:50 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\WebCamDV.sys -- (WebCamDV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JakNDis.sys -- (JakNDisMP)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STUART\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STUART\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/26 22:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/11 14:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 14:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 14:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 18:15:16 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/29 08:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011/09/13 16:29:49 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/07 14:00:20 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/07/21 20:31:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/26 00:59:02 | 000,007,520 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/08/22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/08/22 19:25:00 | 000,004,224 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\NVStrap.sys -- (NVStrap)
DRV - [2009/03/24 10:39:36 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2009/01/07 14:56:48 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/09/08 13:04:46 | 000,093,232 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/04/14 00:14:50 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 00:06:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2007/12/28 16:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/07/12 15:43:56 | 000,042,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvefd2k.sys -- (NVENETFD)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/26 16:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 16:21:18 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
DRV - [2006/02/26 16:02:48 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/10 20:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 20:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/01/23 16:38:48 | 000,012,800 | ---- | M] (Orange Micro, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wcdvaud.sys -- (WCDV_Aud)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C1 B0 26 95 28 CD 01 [binary data]
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..network.proxy.http: "202.28.66.115:8080"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 10:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/11 02:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/11 02:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 14:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/29 14:27:27 | 000,000,000 | ---D | M]

[2010/06/27 20:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\STUART\Application Data\Mozilla\Extensions
[2012/06/03 11:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\extensions
[2010/06/27 20:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/02 12:29:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/03 11:23:33 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\STUART\Application Data\Mozilla\Firefox\Profiles\0x6m2f27.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/04/04 20:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 23:41:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/04/04 19:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/08/13 15:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012/02/01 10:35:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/12/29 14:17:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/13 15:38:47 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/29 14:17:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/29 14:17:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/29 14:17:25 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/29 14:17:25 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/13 00:31:07 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/29 14:17:25 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/26 11:04:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003..\Run: [AutoShutdown] C:\Program Files\AutoShutdown\autoshutdown2.exe (Sundagger Solutions Co.)
O4 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\STUART\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38A07297-2E3C-4DDC-86ED-39E94F6C6FD7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\STUART\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\STUART\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/24 15:28:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 14:19:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\STUART\Desktop\OTL.exe
[2012/06/03 13:37:32 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\STUART\Desktop\tdsskiller.exe
[2012/06/03 13:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/03 13:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/06/03 11:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUART\Desktop\reunion
[2012/05/30 21:42:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/27 11:41:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/26 10:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/26 10:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/26 10:25:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/26 10:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/26 10:25:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/26 10:23:33 | 004,528,808 | R--- | C] (Swearware) -- C:\Documents and Settings\STUART\Desktop\ComboFix.exe
[2012/05/21 07:33:20 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2012/05/21 07:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WG111v3 Smart Wizard
[2012/05/20 12:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PeerBlock
[2012/05/20 12:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/05/20 12:42:02 | 002,105,040 | ---- | C] (PeerBlock, LLC ) -- C:\Program Files\PeerBlock-Setup_v1.1_r518.exe
[2012/05/19 18:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\M-c4d13
[2012/05/18 20:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\STUART\Desktop\gmer
[2012/05/18 20:54:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\STUART\Desktop\dds.scr
[2012/05/06 16:54:52 | 000,000,000 | ---D | C] -- C:\Man vs Food - Season 1 - eluXX
[2012/05/06 16:54:12 | 000,000,000 | ---D | C] -- C:\Man vs Food - Season 2 - eluXX
[2012/04/04 19:13:25 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\chromeinstall-6u31.exe
[2012/03/24 18:29:25 | 000,837,048 | ---- | C] (Ashisoft ) -- C:\Program Files\dfsetup.exe
[2012/01/27 02:22:01 | 051,696,216 | ---- | C] (SplitCam Co.) -- C:\Program Files\SplitCamSetup.exe
[2012/01/22 22:38:45 | 015,033,280 | ---- | C] (Dropbox, Inc.) -- C:\Program Files\Dropbox 1.2.49.exe
[2012/01/08 17:31:14 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Program Files\cnet2_wcdv_2_1_exe.exe
[2011/12/21 21:54:47 | 012,912,352 | ---- | C] (ManyCam LLC) -- C:\Program Files\ManyCam.exe
[2011/08/03 15:21:55 | 000,607,017 | ---- | C] (Swearware) -- C:\Program Files\dds.scr
[2011/04/03 21:13:59 | 000,884,512 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\chromeinstall-6u24.exe
[2011/03/16 23:56:48 | 004,758,096 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2011/02/28 06:51:59 | 007,351,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msnm70.exe
[2011/02/28 06:34:55 | 001,286,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2011/02/12 02:51:15 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011/01/24 16:39:17 | 000,445,632 | ---- | C] (NCH Software) -- C:\Program Files\debutsetup.exe
[2010/07/03 17:58:38 | 004,182,178 | ---- | C] (The Public) -- C:\Program Files\Avisynth_258.exe
[2010/06/27 21:51:59 | 002,945,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx3setup.exe
[2010/06/07 14:37:48 | 011,873,890 | ---- | C] (Audacity Team ) -- C:\Program Files\audacity-win-unicode-1.3.12.exe

========== Files - Modified Within 30 Days ==========

[2012/06/03 14:19:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\STUART\Desktop\OTL.exe
[2012/06/03 14:18:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003UA.job
[2012/06/03 14:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 14:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 13:37:32 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\STUART\Desktop\tdsskiller.exe
[2012/06/03 13:31:20 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/03 12:18:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1284227242-725345543-1003Core.job
[2012/06/03 08:36:02 | 099,673,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/03 08:20:09 | 000,497,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/03 08:20:09 | 000,085,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/03 08:17:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 08:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 08:14:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 02:47:17 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\STUART\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/03 02:47:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/31 18:04:36 | 000,306,182 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/30 07:20:33 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\STUART\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/29 21:56:27 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/05/28 21:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/26 11:04:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/26 10:23:58 | 004,528,808 | R--- | M] (Swearware) -- C:\Documents and Settings\STUART\Desktop\ComboFix.exe
[2012/05/21 07:33:13 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2012/05/21 07:33:13 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2012/05/20 12:42:28 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\STUART\Desktop\PeerBlock.lnk
[2012/05/20 12:41:57 | 002,105,040 | ---- | M] (PeerBlock, LLC ) -- C:\Program Files\PeerBlock-Setup_v1.1_r518.exe
[2012/05/19 21:40:35 | 002,350,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/18 20:54:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\STUART\Desktop\dds.scr
[2012/05/16 19:53:43 | 000,024,468 | ---- | M] () -- C:\Documents and Settings\STUART\Desktop\24.JPG
[2012/05/12 13:43:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 01:08:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 01:08:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/05/29 21:56:26 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2012/05/26 10:25:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/26 10:25:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/26 10:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/26 10:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/26 10:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/21 07:33:13 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2012/05/21 07:33:13 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
[2012/05/20 12:42:28 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\STUART\Desktop\PeerBlock.lnk
[2012/05/16 19:53:43 | 000,024,468 | ---- | C] () -- C:\Documents and Settings\STUART\Desktop\24.JPG
[2012/04/04 20:16:40 | 006,267,832 | ---- | C] () -- C:\Program Files\HSS-2.52-install-p79-338-conduit.exe
[2012/04/04 20:16:35 | 000,272,200 | ---- | C] () -- C:\Program Files\DM-338.exe
[2012/02/16 10:07:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 15:40:48 | 000,001,232 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
[2011/12/10 00:10:29 | 001,560,449 | ---- | C] () -- C:\Program Files\m2m-50578d1ca892e92b63dd2c80f5c3ef874308.mp3
[2011/11/07 21:59:23 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/11/07 21:59:20 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/11/07 21:59:19 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/09/18 20:58:15 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/09/18 20:53:26 | 000,273,392 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/18 20:53:26 | 000,273,392 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/18 20:53:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/18 20:53:11 | 002,123,618 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/14 16:51:29 | 000,000,235 | ---- | C] () -- C:\WINDOWS\dvdtomp3converter.ini
[2011/09/14 14:16:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoMP3.dat
[2011/09/13 16:25:09 | 008,867,840 | ---- | C] () -- C:\Program Files\SeaToolsDOS223ALL.ISO
[2011/09/13 16:20:37 | 000,164,504 | ---- | C] () -- C:\Program Files\memtest.bin
[2011/08/16 21:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\tmpPrst.dll
[2011/08/14 00:27:44 | 001,527,650 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2011/08/14 00:19:17 | 006,105,296 | ---- | C] () -- C:\Program Files\XviD4PSP_603.exe
[2011/05/28 18:43:18 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/05/28 18:43:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/05/28 18:43:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/04/20 23:48:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/04/20 20:49:59 | 000,270,800 | ---- | C] () -- C:\Program Files\DM-244.exe
[2011/02/28 07:03:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/19 03:39:10 | 000,001,203 | ---- | C] () -- C:\Program Files\c5[t9_1]mk-w.dat
[2010/12/23 18:27:32 | 000,049,259 | ---- | C] () -- C:\Program Files\svchost.dat
[2010/10/10 03:05:36 | 000,058,020 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/30 19:14:15 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-shine.exe
[2010/08/23 02:58:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/21 22:13:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/21 22:13:09 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/21 22:13:09 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/21 22:13:08 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 16:16:56 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20cT5XFT.dat
[2010/06/27 20:17:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/26 23:53:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 1377 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:4r8hZeDqq1JJgiSEBVT5
@Alternate Data Stream - 1262 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:eJ7N0qcxOnAzXc2OMTsrs
@Alternate Data Stream - 1179 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:CM5iuVBii9hDGb5Cb85E8Z

< End of report >





Extra report:

OTL Extras logfile created on: 03/06/2012 14:19:50 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\STUART\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.15% Memory free
3.91 Gb Paging File | 2.35 Gb Available in Paging File | 60.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 211.52 Gb Free Space | 45.41% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 190.36 Gb Free Space | 40.87% Space Free | Partition Type: NTFS
Drive J: | 232.83 Gb Total Space | 26.98 Gb Free Space | 11.59% Space Free | Partition Type: FAT32

Computer Name: STURAT-3BEA007B | User Name: STUART | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\STUART\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"Windows Live Guards" = C:\Program Files\winlogon.exe
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\STUART\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\STUART\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\STUART\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FE14494-24DB-49A1-9047-7FD89484B907}_is1" = particleIllusion for After Effects beta v0.95
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{344AB43F-AFE2-47EF-84F2-EF689725F6F5}" = Avid EDL Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D216C6-BCF3-445B-AFF9-B8BF349149B5}" = Avid MetaSync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BA31429-E6D0-44AC-AD9E-7B47192BADFC}" = Avid DIO Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers
"{A1A70631-29A5-4CEB-B93B-035C49652E6B}" = TMPGEnc 4.0 XPress
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A284361B-8AA7-4250-898B-862DFC2AC0B3}" = Avid Media Composer
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A60340C8-51BE-4E2F-BAC7-F65EF116CDAB}" = Avid Log Exchange
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B11EAE6A-53B4-469F-8516-6DF06E904DB2}" = Avid MediaLog
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B99459D2-B91A-417E-9DFA-F53D569F4445}_is1" = H.264 Encoder 1.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB35B5CB-3E7A-40B3-9CD9-4520BE496909}" = Avid FilmScribe
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC6EDCB1-2379-482F-9A93-293DFF7B1226}" = WalkerFX 2.2 Professional Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Remove Only)
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Debut" = Debut Video Capture Software
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GenArts Sapphire Plug-ins Version 1.07 for After Effects" = GenArts Sapphire Plug-ins Version 1.07 for After Effects
"Guitar Pro 5_is1" = Guitar Pro 5.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.65 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Rapport_msi" = Rapport
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SopCast" = SopCast 3.2.9
"VLC media player" = VLC media player 1.0.5
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft HD Video Converter 6" = Xilisoft HD Video Converter 6
"Xvid_is1" = Xvid 1.2.2 final uninstall
"XviD4PSP5_is1" = XviD4PSP 5.10.250.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-1284227242-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/04/2012 07:32:50 | Computer Name = STURAT-3BEA007B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2656352,
P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 17/04/2012 06:36:04 | Computer Name = STURAT-3BEA007B | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 20.0.1096.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/04/2012 21:10:42 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1105.2, faulting module
gcswf32.dll, version 11.2.202.229, fault address 0x00185f7d.

Error - 21/04/2012 21:10:58 | Computer Name = STURAT-3BEA007B | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 20.0.1105.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/04/2012 20:57:44 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1115.1, faulting module
gcswf32.dll, version 11.2.202.235, fault address 0x00402aa9.

Error - 28/04/2012 21:15:37 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1115.1, faulting module
unknown, version 0.0.0.0, fault address 0x122f7238.

Error - 01/05/2012 18:23:31 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1115.1, faulting module
mprodsdv.ax, version 7.7.0.32275, fault address 0x0000475d.

Error - 04/05/2012 19:24:45 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 20.0.1123.4, faulting module
gcswf32.dll, version 11.2.202.235, fault address 0x00185f3c.

Error - 12/05/2012 08:06:43 | Computer Name = STURAT-3BEA007B | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
- Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070020

Error - 02/06/2012 13:03:03 | Computer Name = STURAT-3BEA007B | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00090000.

[ System Events ]
Error - 02/06/2012 18:30:47 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:31:17 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:31:48 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:32:20 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:32:50 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:33:22 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:33:53 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 02/06/2012 18:34:24 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 03/06/2012 03:16:12 | Computer Name = STURAT-3BEA007B | Source = Service Control Manager | ID = 7000
Description = The WebCamDV DV to Webcam Converter service failed to start due to
the following error: %%2

Error - 03/06/2012 08:17:10 | Computer Name = STURAT-3BEA007B | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >




Chindo

#12 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:51 AM

Posted 05 June 2012 - 02:22 PM

Hello again,

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :otl
    FF - prefs.js..network.proxy.http: "202.28.66.115:8080"
    FF - prefs.js..network.proxy.type: 1
    [2011/10/13 00:31:07 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/05/29 21:56:26 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2011/12/10 00:10:29 | 001,560,449 | ---- | C] () -- C:\Program Files\m2m-50578d1ca892e92b63dd2c80f5c3ef874308.mp3
    [2010/06/30 16:16:56 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20cT5XFT.dat
    @Alternate Data Stream - 1377 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:4r8hZeDqq1JJgiSEBVT5
    @Alternate Data Stream - 1262 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:eJ7N0qcxOnAzXc2OMTsrs
    @Alternate Data Stream - 1179 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:CM5iuVBii9hDGb5Cb85E8Z
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#13 chindo

Posted 08 June 2012 - 06:36 AM

Hi Casey,

Thanks for the reply again. Here is the report from the latest OTL fix:


========== OTL ==========
Prefs.js: "202.28.66.115:8080" removed from network.proxy.http
Prefs.js: 1 removed from network.proxy.type
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\WINDOWS\tasks\debutShakeIcon.job moved successfully.
C:\Program Files\m2m-50578d1ca892e92b63dd2c80f5c3ef874308.mp3 moved successfully.
C:\Documents and Settings\All Users\Application Data\20cT5XFT.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:4r8hZeDqq1JJgiSEBVT5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:eJ7N0qcxOnAzXc2OMTsrs deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:CM5iuVBii9hDGb5Cb85E8Z deleted successfully.

OTL by OldTimer - Version 3.2.45.0 log created on 06082012_123456



Chindo

#14 Casey_boy

Posted 08 June 2012 - 07:11 AM

Hi Chindo,

Has there been any improvement?

Casey



#15 chindo

Posted 08 June 2012 - 09:26 AM

Hi Casey,

I have to say I haven't noticed the computer taking multiple attempts to boot up and my Wireless Network connector hasn't failed to work for a while now, so I would say there has been an improvement. If you think the fixes you have instructed me to carry out have been successful then all I can say is thank you very much, it is very much appreciated!

Chindo



