Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Malware attack on XP sp3 pc

Post by Garry Selman » August 10th, 2011, 10:22 am

Hi Malware Removal helper :)

My name is Garry, and I have an oldish desktop pc running Windows XP Pro Version 2002 SP3. It's an AMD XP2400+ 2.01 Ghz with 2Gb RAM installed.
The motherboard has onboard LAN, but I have also (at the request of my ISP) tried 2 different PCI LAN cards, and still have the same issue.
I leave my computers on virtually all the time. This allows me to access them quickly when I need them fast during the day, and also means that they are switched on and able to auto update by themselves too.
My ISP is Virgin Media in the UK, and I access this via a cable modem and a Buffalo Airstation wireless router. The laptops connected via wifi have no issues at all, and are able to connect to the internet at full unencumbered speed. Since yesterday morning when I woke up to MSN and Google Chrome having net connection issues, it seems that the desktop computer (connected to the router via LAN cable) is constantly attempting to "assign ip address".
My ISP has checked all systems diagnostics they can do remotely, and still suggest that the issue is down to the network adapter. This is highly unlikely, as I said, I have changed it twice now, not for new, but previously known to be working perfectly ones. I do get lights flashing on the LAN card to show there is some communication between it and the router.
My other concern, and why I think there is a viral or malware infection, is that my Windows firewall is turned off, and trying all usual attempts to turn it on, the system refuses to do so (a common tactic of infection related programming I'm led to believe).
I have also tried un-installing all the hardware and getting Windows to re-install the drivers for them, tried going to a known good restore point and tried to get Windows to "repair" the said network connections too (both of these failed for no apparent reason), all of which still give me an ip address of 0.0.0.0 when running ipconfig from a CMD window.
I have of course run my own full scans for virus and rootkit using AVG, and also run Malwarebytes and COMODO System Cleaner too.

Please find posted below the results of the scans you need to hopefully sort this out for me ............ Many thanks, Garry :)

DDS.txt:


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Garry at 14:49:01 on 2011-08-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1276 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&webmaster_id=%webmaster_id&affid=%affid
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [Google Update] "c:\documents and settings\garry\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 0562907625
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{F6A20AC7-3685-49C1-8E6F-DCDF384D28D1} : DhcpNameServer = 192.168.11.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
mASetup: {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555} - e:\torrent downloads\slysoft\anydvd 6.3.0.0\AnyDVD leftover killer 1.3.exe -M
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\garry\application data\mozilla\firefox\profiles\4q7whth4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\garry\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Update Service: updater@foxstart.com - c:\program files\mozilla firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2010-12-9 33232]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\comodo\comodo system-cleaner\Cleaner_Validator.exe [2010-12-9 305600]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-11 54760]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-12-7 2368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S0 MFX;MFX;c:\windows\system32\drivers\MFX.sys [2007-8-15 49164]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2007-8-15 49164]
S1 CFRMD;CFRMD;c:\windows\system32\drivers\cfrmd.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2006-11-10 45696]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2006-10-24 96256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
.
=============== Created Last 30 ================
.
2011-08-09 22:59:37 388096 ----a-r- c:\documents and settings\garry\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-09 19:45:49 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
2011-08-09 15:36:47 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-08-09 15:36:47 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-07-19 19:38:03 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-19 19:38:01 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
.
==================== Find3M ====================
.
2011-08-09 10:43:15 92132 ----a-w- c:\windows\cscmondump.bin
2011-06-05 12:57:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:50:11.06 ===============





ATTACH.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/09/2007 00:36:55
System Uptime: 09/08/2011 23:10:33 (15 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6390
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 2014/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 40 GiB total, 17.256 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 138.837 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP931: 05/08/2011 12:01:10 - Software Distribution Service 3.0
RP932: 09/08/2011 07:51:35 - System Checkpoint
RP933: 09/08/2011 11:38:00 - Software Distribution Service 3.0
RP934: 09/08/2011 20:07:36 - Restore Operation
RP935: 09/08/2011 20:25:31 - Restore Operation
RP936: 09/08/2011 23:59:34 - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AIDA64 Extreme Edition v1.60
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVS Update Manager 1.0
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Bonjour
CloneDVD2
COMODO System-Cleaner
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 7 Professional
CuteHTML
Del Mp3 Karaoke 4.7.4700
Device Doctor
DriverMagic
DVD Region-Free 3.10
DVD Shrink 3.2
Free Screen Video Recorder version 2.4
Google Chrome
Google Earth
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InCD
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
K-Lite Codec Pack 3.4.5 Full
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
MatchWare ScreenCorder 5.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MIKSOFT Mobile 3GP converter
MOV to AVI MPEG WMV Converter 3.0.2
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
NeroMIX
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Paint Shop Pro 7 ESD
PC Connectivity Solution
Platform
Protected Music Converter 0.99b
QuickTime
RealPlayer
ScreenCorder 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sound Blaster AudioPCI Drivers Online Help
Sound Blaster Live! 1024
Spotify
Spybot - Search & Destroy 1.4
Steinberg Cubase SX v3.1.1.944
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Trust Mouse 14835
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Virtual DJ - Atomix Productions
VirtualCloneDrive
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Easy Transfer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WinZip
WordWeb
XP TCP/IP Repair 1.0
YAMP v1.3
.
==== Event Viewer Messages From Past Week ========
.
09/08/2011 13:55:57, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
09/08/2011 11:58:51, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
09/08/2011 11:58:51, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
09/08/2011 11:49:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CFRMD
09/08/2011 11:49:06, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
09/08/2011 11:49:06, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
09/08/2011 11:49:06, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
09/08/2011 11:49:06, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
09/08/2011 11:49:06, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
09/08/2011 11:49:06, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
09/08/2011 11:42:43, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2509503).
09/08/2011 11:42:00, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2541025).
09/08/2011 11:41:04, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2553971).
09/08/2011 11:40:17, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2003 (KB2539581).
09/08/2011 11:39:34, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2535812).
09/08/2011 11:38:45, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2493523).
09/08/2011 07:14:02, error: Srv [2020] - The server was unable to allocate from the system paged pool because the pool was empty.
09/08/2011 07:11:42, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'etilqs_whENmd81fU972QF' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
04/08/2011 20:59:56, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PAUL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7EA54434-030A-4C4D-9. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================






and Hijackthis.log (not sure if you still use these, but maybe very little helps :)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:45, on 10/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&webmaster_id=%webmaster_id&affid=%affid
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0562907625
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9414 bytes
Garry Selman
Active Member
 
Posts: 13
Joined: October 24th, 2007, 6:07 pm
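The Service Control Manager events in the log above form a dependency chain, and the sketch below reduces them to the service everything else is waiting on. It is an added example, not part of the original post or of any tool used in this thread; the sample lines are copied from the log above, while the function name, the report keys and the "first word of the display name equals the driver name" match are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Six lines copied verbatim from the event-log excerpt in the post above.
SAMPLE_LOG = """\
09/08/2011 11:58:51, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
09/08/2011 11:58:51, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
09/08/2011 11:49:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CFRMD
09/08/2011 11:49:06, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
09/08/2011 11:49:06, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
09/08/2011 11:49:06, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Event 7001: a service could not start because a dependency failed.
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<err>.*)$"
)
# Event 7000: the service itself failed to start.
START_FAIL_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: "
    r"(?P<err>.*)$"
)
# Event 7026: boot-start or system-start drivers that did not load.
DRIVER_RE = re.compile(
    r"^The following boot-start or system-start driver\(s\) failed to load: "
    r"(?P<names>.*)$"
)
# Event 7023/7024: a service started and then terminated with an error.
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated with ")


def analyse(text):
    """Group SCM errors by the dependency that blocked them."""
    blocked_by = defaultdict(set)   # dependency -> services waiting on it
    errors = defaultdict(set)       # service -> error strings seen for it
    failed_drivers = set()
    terminated = set()

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["source"] != "Service Control Manager":
            continue
        eid, msg = m["event_id"], m["msg"]
        if eid == "7001":
            d = DEPENDS_RE.match(msg)
            if d:
                blocked_by[d["dep"]].add(d["svc"])
                errors[d["dep"]].add(d["err"])
        elif eid == "7000":
            s = START_FAIL_RE.match(msg)
            if s:
                errors[s["svc"]].add(s["err"])
        elif eid == "7026":
            n = DRIVER_RE.match(msg)
            if n:
                failed_drivers.update(n["names"].split())
        elif eid in ("7023", "7024"):
            t = TERMINATED_RE.match(msg)
            if t:
                terminated.add(t["svc"])

    # A root cause is a dependency that is not itself waiting on something.
    dependents = set().union(*blocked_by.values())
    root_causes = {}
    for dep in sorted(blocked_by):
        if dep in dependents:
            continue
        root_causes[dep] = {
            "blocked": sorted(blocked_by[dep]),
            "errors": sorted(errors[dep]),
            # Assumption: the driver's short name is the first word of the
            # service display name ("AFD" for "AFD Networking Support ...").
            "driver_failed_to_load": dep.split()[0] in failed_drivers,
        }
    return {
        "root_causes": root_causes,
        "failed_drivers": sorted(failed_drivers),
        "terminated": sorted(terminated),
    }


if __name__ == "__main__":
    for name, info in analyse(SAMPLE_LOG)["root_causes"].items():
        print(name, "->", ", ".join(info["blocked"]))
```

On these lines the only root cause reported is the AFD service, with DHCP Client among the services blocked behind it.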

Re: Possible Malware attack on XP sp3 pc

Unread postby askey127 » August 13th, 2011, 7:33 am

Hi Garry Selman,
Quite a bit to do here, but each task should be fairly straightforward.
Please don't Install, Scan, or Uninstall anything unless I ask, until we are through cleaning.
If this is a hardware issue, we may not be able to help much.
Let's see if we can identify any correctible malware problems.

You may want to print this out before you begin.
-----------------------------------------------
Issues with Older Adobe Acrobat Programs
It's possible that PC slowdowns can be caused by one of your older Adobe Acrobat versions trying to update itself.
That program (esp Acrobat 4/5/6) has a buggy updater which can hang at bootup. It can phone home interminably and slow your PC to a crawl. Anytime after your machine boots and you notice a slowdown, use Ctrl-Alt-Del to bring up task manager.
Click on the Processes tab, and note the names of the process files which are using most of the CPU resources. May be something like Adobeupd.exe
In any case, you should install and use the latest version of the free Acrobat reader to look at web-based PDF files, even if you keep an older Acrobat version for editing.
This will prevent PC infection due to opening a malicious web-based PDF with one of the older, vulnerable, applications.
You should only use Acrobat 5 on a PDF that has been first checked (right click) by your antivirus.
We will take care of installing a new Adobe reader later.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

µTorrent
Ad-Aware SE Personal
COMODO System-Cleaner
Spybot - Search & Destroy 1.4

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the log from TDSSKiller.
Also, please tell me about your use of any CD-RW (rewriteable) type discs.
askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
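The HijackThis step in the post above works on individual log lines, and a log of this length is easier to review when the entries that point at nothing are pulled out first. The sketch below is an added example, not the helper's selection criteria and not part of HijackThis; the sample lines are copied from the HijackThis log earlier in this thread, and the reason tags (`no_file`, `file_missing`, `no_source`, `unknown_owner`) are hypothetical names chosen for illustration.

```python
import re

# Six lines copied verbatim from the HijackThis log posted earlier in the thread.
SAMPLE_HJT = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
"""

# Every entry starts with a section code (R0, R1, O2, O4, O16, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An O16 entry that names a CLSID but neither a control name nor a source URL.
EMPTY_DPF_RE = re.compile(r"DPF: \{[0-9A-Fa-f-]+\}\s*-\s*")


def classify(code, body):
    """Return a reason tag for an entry worth a second look, else None."""
    if "(no file)" in body:
        return "no_file"            # registry entry with no file behind it
    if body.endswith("(file missing)"):
        return "file_missing"       # path is registered but absent on disk
    if code == "O16" and EMPTY_DPF_RE.fullmatch(body):
        return "no_source"          # downloaded-program entry with no origin
    if code == "O23" and " - Unknown owner - " in body:
        return "unknown_owner"      # service binary reports no vendor
    return None


def triage(text):
    """Parse a HijackThis log and return (code, reason, body) for flagged lines."""
    flagged = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                # header, process list, blank line
        reason = classify(m["code"], m["body"])
        if reason:
            flagged.append((m["code"], reason, m["body"]))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_HJT):
        print(f"{code:<4}{reason:<14}{body}")
```

A flag here only marks an entry for review; leftover registrations from uninstalled software produce the same markers.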

Re: Possible Malware attack on XP sp3 pc

Unread postby Garry Selman » August 13th, 2011, 10:09 pm

Hi Askey 127

Thanks for your help :)
All requested tasks completed with no errors found, and the contents of the TDSSKiller log file are posted below.
I have 2 separate DVD-RW drives on this machine, and I occasionally write the odd music CD or Movie DVD on them, but I'm pretty sure I haven't used any CD or DVD RW discs in either drive for quite some time .. possibly years.




2011/08/14 03:01:18.0213 1096 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/14 03:01:18.0243 1096 ================================================================================
2011/08/14 03:01:18.0243 1096 SystemInfo:
2011/08/14 03:01:18.0243 1096
2011/08/14 03:01:18.0243 1096 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/14 03:01:18.0243 1096 Product type: Workstation
2011/08/14 03:01:18.0243 1096 ComputerName: MUMA-AMD
2011/08/14 03:01:18.0243 1096 UserName: Garry
2011/08/14 03:01:18.0243 1096 Windows directory: C:\WINDOWS
2011/08/14 03:01:18.0243 1096 System windows directory: C:\WINDOWS
2011/08/14 03:01:18.0243 1096 Processor architecture: Intel x86
2011/08/14 03:01:18.0243 1096 Number of processors: 1
2011/08/14 03:01:18.0243 1096 Page size: 0x1000
2011/08/14 03:01:18.0243 1096 Boot type: Normal boot
2011/08/14 03:01:18.0243 1096 ================================================================================
2011/08/14 03:01:20.0036 1096 Initialize success
2011/08/14 03:01:32.0514 2132 ================================================================================
2011/08/14 03:01:32.0514 2132 Scan started
2011/08/14 03:01:32.0514 2132 Mode: Manual;
2011/08/14 03:01:32.0514 2132 ================================================================================
2011/08/14 03:01:34.0497 2132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/14 03:01:35.0027 2132 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/14 03:01:35.0218 2132 AnyDVD (38f5aaefb71100c294bd17190fb3f8d3) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/08/14 03:01:35.0548 2132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/14 03:01:35.0648 2132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/14 03:01:35.0829 2132 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/14 03:01:35.0989 2132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/14 03:01:36.0119 2132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/14 03:01:36.0219 2132 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/14 03:01:36.0309 2132 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/14 03:01:36.0409 2132 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/14 03:01:36.0510 2132 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/14 03:01:36.0670 2132 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/14 03:01:36.0780 2132 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/14 03:01:36.0850 2132 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/14 03:01:36.0970 2132 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/14 03:01:37.0080 2132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/14 03:01:37.0211 2132 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys
2011/08/14 03:01:37.0321 2132 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/08/14 03:01:37.0431 2132 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/14 03:01:37.0521 2132 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/08/14 03:01:37.0631 2132 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/14 03:01:37.0741 2132 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/14 03:01:37.0932 2132 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/14 03:01:38.0062 2132 BTKRNL (d84166d41a05f66d9084039427e5025b) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/08/14 03:01:38.0192 2132 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/08/14 03:01:38.0372 2132 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/08/14 03:01:38.0472 2132 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/08/14 03:01:38.0572 2132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/14 03:01:38.0723 2132 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/14 03:01:38.0913 2132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/14 03:01:39.0023 2132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/14 03:01:39.0143 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/14 03:01:39.0314 2132 cirrus (a7d38b7c4c69c72dfa98129cac1f9f1b) C:\WINDOWS\system32\DRIVERS\cirrus.sys
2011/08/14 03:01:39.0624 2132 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/08/14 03:01:39.0724 2132 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
2011/08/14 03:01:40.0005 2132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/14 03:01:40.0125 2132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/14 03:01:40.0295 2132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/08/14 03:01:40.0385 2132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/14 03:01:40.0505 2132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/14 03:01:40.0736 2132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/14 03:01:40.0846 2132 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/08/14 03:01:40.0966 2132 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
2011/08/14 03:01:41.0056 2132 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
2011/08/14 03:01:41.0186 2132 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
2011/08/14 03:01:41.0276 2132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/14 03:01:41.0427 2132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/14 03:01:41.0517 2132 FET5X86V (52fa46ae36caafc6e1ff4fd617dfd25d) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/14 03:01:41.0557 2132 FETND5BV (52fa46ae36caafc6e1ff4fd617dfd25d) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/14 03:01:41.0727 2132 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/14 03:01:41.0827 2132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/14 03:01:41.0967 2132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/14 03:01:42.0078 2132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/14 03:01:42.0188 2132 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/08/14 03:01:42.0298 2132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/14 03:01:42.0348 2132 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/14 03:01:42.0438 2132 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/14 03:01:42.0528 2132 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/14 03:01:42.0638 2132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/14 03:01:42.0748 2132 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/14 03:01:42.0979 2132 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/08/14 03:01:43.0089 2132 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/08/14 03:01:43.0239 2132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/14 03:01:43.0480 2132 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/14 03:01:43.0610 2132 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys
2011/08/14 03:01:43.0690 2132 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
2011/08/14 03:01:43.0790 2132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/14 03:01:43.0900 2132 InCDfs (f1b3bb3a58b53fde1ecc88ffd61963f1) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/08/14 03:01:43.0990 2132 InCDrec (a934242a8cc045a57aa140495bdcf7a3) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/08/14 03:01:44.0271 2132 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/14 03:01:44.0381 2132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/14 03:01:44.0481 2132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/14 03:01:44.0581 2132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/14 03:01:44.0731 2132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/14 03:01:44.0831 2132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/14 03:01:44.0972 2132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/14 03:01:45.0092 2132 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/14 03:01:45.0172 2132 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/14 03:01:45.0302 2132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/14 03:01:45.0392 2132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/14 03:01:45.0633 2132 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/14 03:01:45.0743 2132 MFX (53ac61dfd06d8aec93f009c20092369c) C:\WINDOWS\system32\drivers\MFX.sys
2011/08/14 03:01:45.0863 2132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/14 03:01:45.0923 2132 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/14 03:01:46.0013 2132 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/14 03:01:46.0093 2132 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/14 03:01:46.0203 2132 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/14 03:01:46.0314 2132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/14 03:01:46.0474 2132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/14 03:01:46.0584 2132 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/14 03:01:46.0734 2132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/14 03:01:46.0864 2132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/14 03:01:46.0975 2132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/14 03:01:59.0763 2132 ================================================================================
2011/08/14 03:01:59.0763 2132 Scan finished
2011/08/14 03:01:59.0763 2132 ================================================================================
2011/08/14 03:01:59.0813 2108 Detected object count: 0
2011/08/14 03:01:59.0813 2108 Actual detected object count: 0
Garry Selman
Active Member
 
Posts: 13
Joined: October 24th, 2007, 6:07 pm

Re: Possible Malware attack on XP sp3 pc

Post by askey127 » August 14th, 2011, 6:55 am

Garry Selman,
InCD is the program that formats R/W type discs, and recognizes them as R/W when you plug them in. It's part of Nero.
The InCD service is somewhat troublesome, and I would prefer that it not run automatically.
I will end up stopping it (later) so it doesn't run automatically, but you can still use it from Start, All Programs if necessary.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware attack on XP sp3 pc

Post by Garry Selman » August 14th, 2011, 9:12 am

Hi again Askey 127.

This OTL scan did not complete. During the scanning process I got a popup error message stating:

Windows - No Disk

Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
........................ Cancel ...... Try Again ...... Continue ....................

Clicking on "Try Again" produced the same error, so I clicked on "Continue", and the scan did eventually finish, producing the results posted below:




OTL logfile created on: 14/08/2011 13:54:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Garry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.49% Memory free
2.79 Gb Paging File | 2.38 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.45 Gb Total Space | 17.44 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 149.46 Gb Total Space | 138.90 Gb Free Space | 92.93% Space Free | Partition Type: NTFS
Drive L: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: MUMA-AMD | User Name: Garry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/14 13:51:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 12:23:40 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004/06/04 13:32:24 | 001,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/08/14 13:51:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/11/11 22:09:38 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/06/04 13:32:24 | 001,151,090 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/05 09:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/07 19:11:36 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/11/30 16:23:02 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/08/15 23:28:20 | 000,049,164 | ---- | M] () [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\XMS1563K.SYS -- (XMS1563K)
DRV - [2007/07/09 06:48:44 | 000,020,622 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmndis.sys -- (USB_NDIS_51)
DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/13 03:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/10/30 03:52:18 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/10/30 03:52:04 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/10/30 03:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/30 03:51:30 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/30 03:51:24 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/04 13:36:50 | 000,091,136 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/03/02 17:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004/03/02 17:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2004/01/09 14:24:40 | 000,049,164 | ---- | M] () [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\MFX.sys -- (MFX)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/06/03 12:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 13:57:16 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cirrus.sys -- (cirrus)
DRV - [2001/08/17 13:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&webmaster_id=%webmaster_id&affid=%affid


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-854245398-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-1935655697-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 06:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/09 21:11:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/09 21:11:26 | 000,000,000 | ---D | M]

[2009/03/11 14:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions
[2011/07/19 20:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\4q7whth4.default\extensions
[2011/06/04 11:00:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Garry\Application Data\Mozilla\Firefox\Profiles\4q7whth4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/19 20:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/16 00:28:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/27 00:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/10 02:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 00:12:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/14 23:50:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/03/11 14:04:15 | 000,000,000 | ---D | M] ("Update Service") -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2011/08/09 06:52:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/01/27 00:36:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/19 20:38:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/19 20:38:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/19 20:38:09 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/09 00:33:26 | 000,002,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxstart.xml
[2011/07/19 20:38:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2003/03/31 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1935655697-854245398-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKU\S-1-5-21-1935655697-854245398-1957994488-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-854245398-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0562907625 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region-Free\DVDShell.dll (Fengtao Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/24 18:24:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8c3cef8a-2818-11de-b5eb-0002e31d1a31}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3cef8a-2818-11de-b5eb-0002e31d1a31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c3cef8a-2818-11de-b5eb-0002e31d1a31}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 13:52:47 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Garry\Desktop\OTL.exe
[2011/08/14 02:54:46 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Garry\Desktop\tdsskiller.exe
[2011/08/09 23:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry\Start Menu\Programs\HiJackThis
[2011/08/09 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/08/09 16:36:47 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/14 13:51:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry\Desktop\OTL.exe
[2011/08/14 13:33:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-854245398-1957994488-1003UA.job
[2011/08/14 05:33:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-854245398-1957994488-1003Core.job
[2011/08/14 03:00:36 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/08/14 03:00:07 | 000,012,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/14 03:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2011/08/14 02:59:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/14 02:59:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/14 02:58:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Garry\defogger_reenable
[2011/08/14 02:53:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\Defogger.exe
[2011/08/14 02:52:06 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Garry\Desktop\tdsskiller.exe
[2011/08/14 02:39:47 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\HiJackThis.lnk
[2011/08/13 09:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 06:45:48 | 127,368,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/07 13:38:51 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\Garry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 11:48:08 | 000,041,769 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\dentistcertificate-6.png
[2011/08/01 00:57:25 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\Garry\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint Shop Pro 7.lnk
[2011/07/30 16:17:53 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2011/07/29 16:46:54 | 002,367,354 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\Ford Interceptor concept.bmp
[2011/07/23 01:50:58 | 046,894,010 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\Stevie Wonder - Superstition (instrumental).wav
[2011/07/23 01:50:12 | 000,000,121 | ---- | M] () -- C:\WINDOWS\CTWave32.ini
[2011/07/23 01:40:27 | 000,000,283 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2011/07/22 19:46:25 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/22 19:35:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/19 23:07:27 | 060,016,178 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\I Level - Give Me (12'').wav
[2011/07/19 22:36:58 | 062,674,170 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\Brenda Taylor - You Can't Have Your Cake And Eat It Too.wav
[2011/07/19 08:05:51 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011/07/18 14:16:13 | 016,179,200 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\D Train - The Shadow Of Your Smile.mp3
[2011/07/18 14:15:38 | 016,233,535 | ---- | M] () -- C:\Documents and Settings\Garry\Desktop\D Train - Keep On.mp3
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/14 02:58:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Garry\defogger_reenable
[2011/08/14 02:54:46 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\Defogger.exe
[2011/08/09 23:59:36 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\HiJackThis.lnk
[2011/08/09 20:45:49 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\ErrorEND.job
[2011/08/05 11:48:14 | 000,041,769 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\dentistcertificate-6.png
[2011/07/29 16:47:09 | 002,367,354 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\Ford Interceptor concept.bmp
[2011/07/23 01:50:55 | 046,894,010 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\Stevie Wonder - Superstition (instrumental).wav
[2011/07/19 23:07:22 | 060,016,178 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\I Level - Give Me (12'').wav
[2011/07/19 22:36:54 | 062,674,170 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\Brenda Taylor - You Can't Have Your Cake And Eat It Too.wav
[2011/07/18 14:15:40 | 016,179,200 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\D Train - The Shadow Of Your Smile.mp3
[2011/07/18 14:15:06 | 016,233,535 | ---- | C] () -- C:\Documents and Settings\Garry\Desktop\D Train - Keep On.mp3
[2011/04/16 01:10:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/11 14:04:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/20 17:36:32 | 000,002,413 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/20 17:36:01 | 000,004,644 | ---- | C] () -- C:\Documents and Settings\Garry\Application Data\NMM-MetaData.db
[2007/10/26 15:57:33 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/10/12 19:10:38 | 000,001,374 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/24 21:45:39 | 000,000,115 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2007/09/22 11:55:18 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/09/22 11:55:18 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/09/22 11:55:18 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/09/22 11:55:18 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/09/22 11:55:18 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/09/22 11:55:18 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/09/22 11:55:18 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/09/22 11:55:18 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/09/22 11:55:18 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/09/22 11:55:18 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/09/22 11:55:18 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/09/22 11:55:18 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/09/22 11:55:18 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/09/22 11:55:18 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/09/22 11:55:18 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/09/22 11:55:18 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/09/22 11:55:18 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/09/22 11:55:18 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/09/22 11:55:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/22 11:52:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/09/16 17:09:18 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/09/15 19:53:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/09/15 13:00:39 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/09/10 22:00:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/10 22:00:17 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/10 22:00:17 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/10 22:00:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/09/10 22:00:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/08 11:37:25 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Garry\Application Data\internaldb8467.dat
[2007/09/08 11:37:25 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Garry\Application Data\internaldb6334.dat
[2007/09/08 11:10:31 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Garry\Application Data\internaldb41.dat
[2007/08/31 17:00:59 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/08/26 14:57:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\gl.dll
[2007/08/26 14:57:40 | 000,006,138 | ---- | C] () -- C:\WINDOWS\System32\e1.ini
[2007/08/15 23:29:51 | 000,003,982 | ---- | C] () -- C:\WINDOWS\kj01d.sys
[2007/08/15 23:28:17 | 000,049,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\XMS1563K.SYS
[2007/08/15 23:25:53 | 000,000,178 | ---- | C] () -- C:\WINDOWS\z56k2.ini
[2007/08/15 23:25:18 | 000,049,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\MFX.sys
[2007/08/15 23:25:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cdlock.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/11/11 21:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/11/01 14:18:32 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\mwsc.dll
[2006/10/29 23:41:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/26 22:38:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2006/10/26 22:21:04 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/10/26 22:20:34 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/10/26 22:20:28 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2006/10/26 22:20:20 | 000,000,455 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2006/10/26 22:08:49 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/26 15:44:02 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\Garry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/25 18:21:16 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5E664EA659.sys
[2006/10/25 18:21:15 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/25 16:10:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/10/24 22:07:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/10/24 19:55:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/10/24 18:33:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/24 18:18:55 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/24 17:23:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/24 17:21:46 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/04 10:11:06 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\PawLib.dll
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/31 14:00:00 | 000,462,744 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 14:00:00 | 000,079,948 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/05 16:05:16 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\symplisc.dll

========== LOP Check ==========

[2011/08/02 10:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/10/29 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BF8051E7-626F-4a11-AF7A-625A7B555862
[2010/10/18 22:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/11/11 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/12/20 04:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/08/09 20:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2006/10/27 22:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2007/09/15 12:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/10/01 21:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/05/21 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/09/24 23:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mwas
[2007/09/15 13:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/12/14 20:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/10/21 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/10/21 12:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
[2010/05/01 10:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/10 18:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/08 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/16 22:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beryl\Application Data\AVG10
[2007/10/16 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beryl\Application Data\elertz Toolbar
[2007/09/24 19:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Beryl\Application Data\PC Suite
[2010/10/18 22:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\AVG10
[2006/11/01 18:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\DataLayer
[2011/01/11 02:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\DeviceDoctorSoftware
[2011/04/16 02:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\DVDVideoSoft
[2011/03/15 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\ElevatedDiagnostics
[2007/11/18 03:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\EPSON
[2006/10/27 23:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\GlobalSCAPE
[2006/10/25 00:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\InterTrust
[2006/10/29 15:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Jasc
[2008/04/14 23:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\LimeWire
[2011/01/17 23:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Meebo
[2007/12/20 17:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Nokia
[2008/01/18 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Nokia Multimedia Player
[2011/01/09 04:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\OpenOffice.org
[2006/11/01 17:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\PC Suite
[2009/03/12 06:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Spotify
[2007/12/10 16:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\Steinberg
[2011/08/14 02:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry\Application Data\uTorrent
[2011/08/14 03:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2011/08/14 02:59:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 14/08/2011 13:54:15 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Garry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.49% Memory free
2.79 Gb Paging File | 2.38 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.45 Gb Total Space | 17.44 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 149.46 Gb Total Space | 138.90 Gb Free Space | 92.93% Space Free | Partition Type: NTFS
Drive L: | 1.83 Gb Total Space | 1.83 Gb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: MUMA-AMD | User Name: Garry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1935655697-854245398-1957994488-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C6C929D-EEC5-4494-8514-A7B381E4E031}" = MatchWare ScreenCorder 5.0
"{42070CF0-746C-4085-9FE2-E0007864CB8C}" = Del Mp3 Karaoke 4.7.4700
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BEB2F46-3723-47CF-BF7F-39C453B9D977}" = DriverMagic
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60
"AnyDVD" = AnyDVD
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"CloneDVD2" = CloneDVD2
"CuteHTML" = CuteHTML
"DVD Region-Free_is1" = DVD Region-Free 3.10
"DVD Shrink_is1" = DVD Shrink 3.2
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.4
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 3.0.2
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Protected Music Converter_is1" = Protected Music Converter 0.99b
"RealPlayer 6.0" = RealPlayer
"ScreenCorder 1.0" = ScreenCorder 1.0
"Sound Blaster AudioPCI Drivers Online Help" = Sound Blaster AudioPCI Drivers Online Help
"Sound Blaster Live! 1024" = Sound Blaster Live! 1024
"Spotify" = Spotify
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Trust Mouse 14835" = Trust Mouse 14835
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WETCable" = Windows Easy Transfer
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP TCP/IP Repair_is1" = XP TCP/IP Repair 1.0
"YAMP v1.3" = YAMP v1.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-854245398-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/08/2011 17:06:55 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/08/2011 17:38:40 | Computer Name = MUMA-AMD | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 09/08/2011 17:43:03 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/08/2011 18:11:30 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/08/2011 11:51:11 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/08/2011 23:55:02 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/08/2011 23:57:52 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 13/08/2011 21:45:26 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 13/08/2011 21:52:42 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

Error - 13/08/2011 21:59:44 | Computer Name = MUMA-AMD | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 13/08/2011 22:14:35 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7000
Description = The AFD Networking Support Environment service failed to start due
to the following error: %%2

Error - 13/08/2011 22:14:35 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%2

Error - 13/08/2011 22:14:35 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7000
Description = The AFD Networking Support Environment service failed to start due
to the following error: %%2

Error - 13/08/2011 22:14:35 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%2

Error - 14/08/2011 00:33:01 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 14/08/2011 00:33:30 | Computer Name = MUMA-AMD | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 14/08/2011 00:33:31 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 14/08/2011 00:34:01 | Computer Name = MUMA-AMD | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 14/08/2011 00:34:01 | Computer Name = MUMA-AMD | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 14/08/2011 00:34:31 | Computer Name = MUMA-AMD | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >
Garry Selman
Active Member
 
Posts: 13
Joined: October 24th, 2007, 6:07 pm

Re: Possible Malware attack on XP sp3 pc

Post by askey127 » August 15th, 2011, 6:57 am

Garry Selman,
-----------------------------------------------------------
Check Hard Disk For Errors
Go to Start->Run, then type or copy/paste the following command into the box and press OK:
Code:
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Please do all of the following tasks at one time, with no surfing in between.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop BUT DON'T RUN IT YET.
-----------------------------------------------------------
Download the ComboFix Program
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the download file.
We will remove your Antivirus BEFORE we run ComboFix.
.
Download ComboFix from here
Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
**Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
SAVE IT AS zzz.exe to your desktop, BUT DON'T RUN IT YET.
---------------------------------------------------------
Remove AVG
The analytical tools we use do not work properly with AVG installed.
For this reason and others, we will be removing your AVG antivirus in the following instructions, and installing a different antivirus later.

Go to this site: http://www.avg.com/us-en/download-tools
For your 32-bit machine, download this to your desktop:
AVG Remover(32bit) 2011
(avg_remover_stf_x86_2011_1322.exe)

Double click the remover. It will require a restart.
-----------------------------------------------------------
Run ComboFix (zzz.exe)
  • Now double click zzz.exe on your desktop. OK any disclaimers and start the scan.
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
Don't do any surfing until you complete the following:
-----------------------------------------------------------
Install, Update, Scan with Microsoft Security Essentials
Double Click the icon for Microsoft Security Essentials.
Let it Install, update itself, and run a scan. Have it delete anything it finds.

So we are looking for the Check Disk report, and the log from ComboFix (zzz.exe)
Feel free to use separate replies.
askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Possible Malware attack on XP sp3 pc

Post by Garry Selman » August 15th, 2011, 8:16 am

Hi :)

As I suspected when first reading through your latest batch of instructions, I thought we'd come across an issue when trying to implement the line: If it is not, make sure you are connected to the internet as ComboFix needs to download a file.
The reason, if you remember, for my first contacting you was an inability to connect to the internet, as the LAN connection is constantly in an Acquiring Network Address state.
I will post the results of the two AVG fix report files, the checkhd log, but as the system is now at a stop, I cannot supply a ComboFix log as yet.
Is there a way of manually installing the Windows Recovery Console on the affected PC before running the ComboFix app?





The type of the file system is NTFS.
Volume label is Mum XP.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

42419596 KB total disk space.
23883932 KB in 101310 files.
52088 KB in 10719 indexes.
0 KB in bad sectors.
237052 KB in use by the system.
65536 KB occupied by the log file.
18246524 KB available on disk.

4096 bytes in each allocation unit.
10604899 total allocation units on disk.
4561631 allocation units available on disk.
Garry Selman
Active Member
 
Posts: 13
Joined: October 24th, 2007, 6:07 pm

Re: Possible Malware attack on XP sp3 pc

Post by Garry Selman » August 15th, 2011, 8:16 am

"Running zap for product code {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}:15/08/2011 12:39:50.06"

C:\Documents and Settings\Garry\Desktop>C:\DOCUME~1\Garry\LOCALS~1\Temp\avg-f89fb474-cb61-495e-a7c7-f56d9dbeda52.exe TW! {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} /nologo


***** Zapping data for user S-1-5-18 for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} cached package. . .
Removed file: C:\WINDOWS\Installer\e67d718.msi
Searching for install property data for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Removed \455CAE029F596294D8A94CFFE34CC427\InstallProperties
Searching for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
Removed \{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}
Searching user's global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Removed upgrade code '455CAE029F596294D8A94CFFE34CC427' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Removed \Features
Removed \Patches
Removed \Usage
Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching old global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Removed upgrade code '455CAE029F596294D8A94CFFE34CC427' at HKLM\Software\Classes\Installer\UpgradeCodes
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Removed \Media
Removed \Net
Removed \SourceList
Removed \Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427
Searching HKLM\Software\Classes\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Removed \Software\Classes\Installer\Features\455CAE029F596294D8A94CFFE34CC427
Searching for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} in per-user managed location. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Removed client of component C22E7ECE09559B049977F27E8F4517CD
Removed client of component C3D68B4EDEE987446840EFF887474B48
Removed client of component C4074F74B9612E4479EFD8DBDB3FC460
Removed client of component C4CFB718387E9EB45B407A8E4B14264A
Removed client of component C643EA603CC66CB42A0988C1AFB7CAC7
Removed client of component C6DFC883752E2C14CA91A7CD690AF7D6
Removed client of component C70FDFDD1A3694241B265AF70F95753E
Removed client of component C7897ED9687975D42A469351DCF48727
Removed client of component C8D411B293EC5C84EB6AAC10E34FE08B
Removed client of component C8F17408A6868B04EA7005829E3E3B70
Removed client of component C8F5FBEFA4609544990E91C8ABDA1EB8
Removed client of component CA359A336EDC03340B7B442545633E87
Removed client of component CAA4C879396FB664189237238D2761FA
Removed client of component CB1C591D54803FF44AAFF260B0F2FDF8
Removed client of component CCBB7A82FA587804E9E17372C8FEA953
Removed client of component CD493820DBE49A64EB37FF35162D46E1
Removed client of component CE24EB5395D4098408985C1A8EF7FD72
Removed client of component CE79C231997464846920C2A6994F757B
Removed client of component CF46CB5594863994DAEAB1D26BA622FA
Removed client of component CFAFE89D2D474024F9B8041C95B02B1B
Removed client of component D1E982AFA3FA41141BF084AC7002D3AC
Removed client of component D31C167A1DA8B6D4887F815D67940A4A
Removed client of component D37BBEEA71DA17D44A6441D5A27ABAF7
Removed client of component D3A36F44E4E202F45886B8D066E9867B
Removed client of component D45FAF5A8F39D104AB2430EA7B8D9247
Removed client of component D507B0390BA4690488752856FDF0B8DF
Removed client of component D6782606088F3E646A9BE10C752FE64C
Removed client of component D85FC556BA486264680C6EDF290EEF87
Removed client of component D9D35EAC325B16A4D89C951913E73C3D
Removed client of component DAE4C5F4AF338234BAAF316742642FBD
Removed client of component DB66AFEE3FD2EAA4E9A6F9C1515116D5
Removed client of component DBBF8EF3B7A97794EA27E6077BE19348
Removed client of component DC10F42CD6A97854898E1D65A1467111
Removed client of component DF1484F6E83C36A43960BAE096851914
Removed client of component DF22920DD20934B4C9F7642118A3E348
Removed client of component DFD78421A31C6F64E903259DF249AC9E
Removed client of component E09228E6A4E974D48B82F23BFE74F89E
Removed client of component E174053F35F54E84796121374566A3F6
Removed client of component E1807EEC121E86049A3B21536FFDE8FD
Removed client of component E3B3405267B1A6342A9FF2172BD5E948
Removed client of component E4E566A623D410D41A6ACA249ECAE651
Removed client of component E74FB79A32C918C45BC9C5EDF28CBAAE
Removed client of component E8E2113991FD883468F598115552E136
Removed client of component E92D9782B38B3604F9224BF9490D8B2B
Removed client of component EA955E849BA389C42AF280F65C6712B6
Removed client of component EB9940BABCBF03C4E8BDCDE75AE4C5E6
Removed client of component EC151EFFB5D460A4090BC574BCD03104
Removed client of component EC3D273082FE98740B392E23766278E0
Removed client of component EDC61D5A9F1EEDB4A8F907F92CE5F74A
Removed client of component EEAA7902D0BB32D499F91081D870A7C6
Removed client of component EF76D2C7D5D1FBB48908C9CFB40F6F42
Removed client of component F2B3340058B51CA43ACC4909FB710651
Removed client of component F33E0818678B19248B36A6D1F5CC799D
Removed client of component F51F80D2012C87544B318F1DFBB3F709
Removed client of component F72A2D39AF133F1408555D2169B80C5A
Removed client of component F762B380CA9EA734F9DDC58C6F2F3ACB
Removed client of component F7BEFD5901188644DBF6B01C7F8C6861
Removed client of component F89C76444B0DEFA4780CFAF01216C97F
Removed client of component F984E318247A20E4486C8146FA280C07
Removed client of component FD29E8C4A470D0348B4FC53B279114FE
Removed client of component FD52503A76ABF414D8E9CD0410E2F482
Removed client of component FE9B611DDB47CB64BA7DFEF4AA0D9A36
Removed client of component FEAAE1DCD1014914289DADAB25AF586B
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Searching for Installer files and folders associated with the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder


***** Zapping data for user S-1-5-18 for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} cached package. . .
Searching for install property data for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching user's global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching old global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Classes\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} in per-user managed location. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Searching for Installer files and folders associated with the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder


***** Zapping data for user S-1-5-21-1935655697-854245398-1957994488-1003 for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} *****
MsiZapInfo: Performing operations for user S-1-5-21-1935655697-854245398-1957994488-1003
Searching for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} cached package. . .
Searching for install property data for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching user's global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1935655697-854245398-1957994488-1003\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1935655697-854245398-1957994488-1003\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1935655697-854245398-1957994488-1003\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching old global config location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-machine location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKLM\Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Classes\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching old per-user location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKCU\Software\Classes\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKCU\Software\Classes\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching per-user location for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKCU\Software\Microsoft\Installer\Win32Assemblies for Win32 assembly data for the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching HKCU\Software\Microsoft\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKCU\Software\Microsoft\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching for product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72} in per-user managed location. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1935655697-854245398-1957994488-1003\Installer\UpgradeCodes...
Searching for patches for product 455CAE029F596294D8A94CFFE34CC427 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1935655697-854245398-1957994488-1003\Installer\Products\455CAE029F596294D8A94CFFE34CC427\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1935655697-854245398-1957994488-1003\Installer\Products\455CAE029F596294D8A94CFFE34CC427 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1935655697-854245398-1957994488-1003\Installer\Features\455CAE029F596294D8A94CFFE34CC427 for product feature data. . .
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 455CAE029F596294D8A94CFFE34CC427. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Searching for product 455CAE029F596294D8A94CFFE34CC427 client info data. . .
Searching for Installer files and folders associated with the product {20EAC554-95F9-4926-8D9A-C4FF3EC44C72}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder
"Running zap for product code {695B13B2-7919-4EC5-8601-092F0D2DE069}:15/08/2011 12:39:52.68"

C:\Documents and Settings\Garry\Desktop>C:\DOCUME~1\Garry\LOCALS~1\Temp\avg-f89fb474-cb61-495e-a7c7-f56d9dbeda52.exe TW! {695B13B2-7919-4EC5-8601-092F0D2DE069} /nologo


***** Zapping data for user S-1-5-18 for product {695B13B2-7919-4EC5-8601-092F0D2DE069} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {695B13B2-7919-4EC5-8601-092F0D2DE069} cached package. . .
Removed file: C:\WINDOWS\Installer\c330a2.msi
Searching for install property data for product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Removed \2B31B59691975CE4681090F2D0D20E96\InstallProperties
Searching for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
Removed \{695B13B2-7919-4EC5-8601-092F0D2DE069}
Searching user's global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Removed upgrade code '2B31B59691975CE4681090F2D0D20E96' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Removed \Features
Removed \Patches
Removed \Usage
Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching per-machine global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching old global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching per-machine location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Removed upgrade code '2B31B59691975CE4681090F2D0D20E96' at HKLM\Software\Classes\Installer\UpgradeCodes
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Classes\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Removed \Media
Removed \Net
Removed \SourceList
Removed \Software\Classes\Installer\Products\2B31B59691975CE4681090F2D0D20E96
Searching HKLM\Software\Classes\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Removed \Software\Classes\Installer\Features\2B31B59691975CE4681090F2D0D20E96
Searching for product {695B13B2-7919-4EC5-8601-092F0D2DE069} in per-user managed location. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching for shared DLL counts for components tied to the product 2B31B59691975CE4681090F2D0D20E96. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 2B31B59691975CE4681090F2D0D20E96. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 client info data. . .
Removed client of component 30EC774F6371B044A932CFA7E5F864A8
Removed client of component 6860D4C172F342148B20044D4C8D338A
Removed client of component 8CCEAF1C1D1864A41B1B312AD7682868
Searching for product 2B31B59691975CE4681090F2D0D20E96 client info data. . .
Searching for Installer files and folders associated with the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder


***** Zapping data for user S-1-5-18 for product {695B13B2-7919-4EC5-8601-092F0D2DE069} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the product {695B13B2-7919-4EC5-8601-092F0D2DE069} cached package. . .
Searching for install property data for product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching user's global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching per-machine global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching old global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching per-machine location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Classes\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching HKLM\Software\Classes\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Classes\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching for product {695B13B2-7919-4EC5-8601-092F0D2DE069} in per-user managed location. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\2B31B59691975CE4681090F2D0D20E96 for product feature data. . .
Searching for shared DLL counts for components tied to the product 2B31B59691975CE4681090F2D0D20E96. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 2B31B59691975CE4681090F2D0D20E96. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 client info data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 client info data. . .
Searching for Installer files and folders associated with the product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder


***** Zapping data for user S-1-5-21-1935655697-854245398-1957994488-1003 for product {695B13B2-7919-4EC5-8601-092F0D2DE069} *****
MsiZapInfo: Performing operations for user S-1-5-21-1935655697-854245398-1957994488-1003
Searching for the product {695B13B2-7919-4EC5-8601-092F0D2DE069} cached package. . .
Searching for install property data for product {695B13B2-7919-4EC5-8601-092F0D2DE069}. . .
Searching user's global config location for product {695B13B2-7919-4EC5-8601-092F0D2DE069} data. . .
Searching for product 2B31B59691975CE4681090F2D0D20E96 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 2B31B59691975CE4681090F2D0D20E96 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1935655697-854245398-1957994488-1003\Products\2B31B59691975CE4681090F2D0D20E96\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1935655697-854245398-1957994488-1003\Products\2B31B59691975CE4681090F2D0D20E96 for product data. . .

Re: Possible Malware attack on XP sp3 pc

Unread postby Garry Selman » August 15th, 2011, 8:19 am

It seems that the contents of avgremover.log is too big to copy and paste in this forum.

"Your message contains 353614 characters. The maximum number of allowed characters is 100000."

Re: Possible Malware attack on XP sp3 pc

Unread postby askey127 » August 15th, 2011, 8:54 am

I didn't/don't want the log from the avg remover.
Please run Combofix per instructions and post its log.

After the scan, if you lose track of it, it is located in the C: drive main directory > C:\Combofix.txt
Thanks, askey127

Re: Possible Malware attack on XP sp3 pc

Unread postby Garry Selman » August 15th, 2011, 9:13 am

As I just said, ComboFix will not complete as it needs to connect to the internet. The computer's refusal to do so was the basis for my contacting you. :)
It starts, seems to create a restore point, then wants to install the Windows Recovery Console, but cannot get an internet connection to download the required installation files.
Is there a way of manually installing the Windows Recovery Console on the affected pc before running the ComboFix app so it will complete and generate a log file?

Garry.

Re: Possible Malware attack on XP sp3 pc

Unread postby askey127 » August 15th, 2011, 9:48 am

OK.
Go ahead and run Combofix without installing the Recovery Console.

Re: Possible Malware attack on XP sp3 pc

Unread postby Garry Selman » August 15th, 2011, 2:34 pm

Ok, thanks ... chose the option "No" when asked if wanting to connect to the internet to download the Windows Recovery Console.
Below are the contents of the subsequent ComboFix.txt





ComboFix 11-08-15.07 - Garry 15/08/2011 18:57:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1665 [GMT 1:00]
Running from: c:\documents and settings\Garry\Desktop\zzz.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Garry\WINDOWS
c:\windows\ali.exe
c:\windows\helper.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\twain.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-09 22:59 . 2011-08-09 22:59 388096 ----a-r- c:\documents and settings\Garry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-09 19:45 . 2011-08-09 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-08-09 15:36 . 2008-04-13 18:51 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-08-09 15:36 . 2008-04-13 18:51 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-07-19 19:38 . 2011-08-09 20:11 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-19 19:38 . 2011-08-09 20:11 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 12:57 . 2011-06-05 12:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-14 1637312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-08-26 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
2001-07-03 13:12 176128 ----a-w- c:\windows\system32\BMUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicLogon]
2005-10-14 08:01 12288 ----a-w- c:\program files\SymplisIT\DriverMagic\dmschedule.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIAMOUSE]
2007-09-12 18:33 2619392 ----a-w- c:\program files\Trust\Mouse 14835\lsmouse.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-07-15 10:42 843776 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 14:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [07/12/2007 19:11 2368]
S0 MFX;MFX;c:\windows\system32\drivers\MFX.sys [15/08/2007 23:25 49164]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [15/08/2007 23:28 49164]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [10/11/2006 23:42 45696]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [24/10/2006 17:26 96256]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-854245398-1957994488-1003Core.job
- c:\documents and settings\Garry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-21 20:53]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-854245398-1957994488-1003UA.job
- c:\documents and settings\Garry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-21 20:53]
.
2011-08-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\4q7whth4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - Ext: Update Service: updater@foxstart.com - c:\program files\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-15 19:08:34
ComboFix-quarantined-files.txt 2011-08-15 18:08
.
Pre-Run: 19,133,030,400 bytes free
Post-Run: 19,836,170,240 bytes free
.
- - End Of File - - 6C69C6FFAAF0B8E78C8286FB6B2C00EA

Re: Possible Malware attack on XP sp3 pc

Unread postby askey127 » August 15th, 2011, 3:28 pm

I am checking your log.
Meanwhile....
Instructions for the Recovery Console are here: http://www.instantfundas.com/2007/09/in ... -disk.html
It gives a method to install it from a CD, which you can make on another machine.

Re: Possible Malware attack on XP sp3 pc

Unread postby askey127 » August 19th, 2011, 8:56 am

Were you able to install the Recovery Console?
Were you able to install and run MS Security Essentials, even if it won't update?

Are you able to connect to the Internet with any browser (i.e. Chrome, Firefox, IE)?