Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet explorer cant start

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Internet explorer cant start

Unread postby Basacag » January 1st, 2011, 3:44 pm

OK thanks askey127. I will put it to him, though I think he uses MSN aswell. Maybe time to just cough up for Windows 7...
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm
Advertisement
Register to Remove

Re: Internet explorer cant start

Unread postby Basacag » January 2nd, 2011, 10:32 pm

Hi askey127

I got him back with just the XP disk and a repair. On SP2 though so need to get the updates for SP3.

Here is the antivar that was running during the crash. I'll postt he others seperately.




Avira AntiVir Personal
Report file date: 30 December 2010 16:19

Scanning for 2311731 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Carl
Computer name : CARLSROOM

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 08:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 08:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:16:37
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:16:37
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:16:38
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:16:38
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:16:38
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:16:38
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:16:38
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:16:39
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:16:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:16:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:16:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:16:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 16:16:44
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 16:16:50
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 16:16:54
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 16:16:57
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 16:17:00
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 16:17:03
VBASE019.VDF : 7.11.0.229 2048 Bytes 12/30/2010 16:17:03
VBASE020.VDF : 7.11.0.230 2048 Bytes 12/30/2010 16:17:03
VBASE021.VDF : 7.11.0.231 2048 Bytes 12/30/2010 16:17:04
VBASE022.VDF : 7.11.0.232 2048 Bytes 12/30/2010 16:17:08
VBASE023.VDF : 7.11.0.233 2048 Bytes 12/30/2010 16:17:08
VBASE024.VDF : 7.11.0.234 2048 Bytes 12/30/2010 16:17:08
VBASE025.VDF : 7.11.0.235 2048 Bytes 12/30/2010 16:17:08
VBASE026.VDF : 7.11.0.236 2048 Bytes 12/30/2010 16:17:09
VBASE027.VDF : 7.11.0.237 2048 Bytes 12/30/2010 16:17:09
VBASE028.VDF : 7.11.0.238 2048 Bytes 12/30/2010 16:17:09
VBASE029.VDF : 7.11.0.239 2048 Bytes 12/30/2010 16:17:09
VBASE030.VDF : 7.11.0.240 2048 Bytes 12/30/2010 16:17:09
VBASE031.VDF : 7.11.0.241 2048 Bytes 12/30/2010 16:17:09
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 08:39:51
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 12/30/2010 16:17:58
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 08:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 08:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 08:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 12/30/2010 16:17:50
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 08:39:49
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 12/30/2010 16:17:43
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 08:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 08:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 08:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 08:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 08:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 08:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 08:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 08:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 08:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 08:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 08:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 08:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 08:40:20

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 30 December 2010 16:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'MsnMsgr.Exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'E_FATI9HE.EXE' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\explorer.exe>
[DETECTION] Is the TR/Spy.1033728.20 Trojan
[NOTE] Process 'explorer.exe' was terminated
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell> was removed successfully.
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\WINDOWS\SYSTEM32\winlogon.exe>
[DETECTION] Is the TR/Spy.507904.77 Trojan
[NOTE] Process 'winlogon.exe' was terminated
[WARNING] This process is a system process. The associated file will not be deleted.
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned


End of the scan: 30 December 2010 16:35
Used time: 03:33 Minute(s)

The scan has been done completely.

0 Scanned directories
476 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
474 Files not concerned
3 Archives were scanned
1 Warnings
2 Notes
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby Basacag » January 2nd, 2011, 10:32 pm

A full scan.

Avira AntiVir Personal
Report file date: 02 January 2011 22:59

Scanning for 2311731 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 1) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CARLSROOM

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 08:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 08:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:16:37
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:16:37
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:16:38
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:16:38
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:16:38
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:16:38
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:16:38
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:16:39
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:16:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:16:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:16:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:16:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 16:16:44
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 16:16:50
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 16:16:54
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 16:16:57
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 16:17:00
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 16:17:03
VBASE019.VDF : 7.11.0.229 2048 Bytes 12/30/2010 16:17:03
VBASE020.VDF : 7.11.0.230 2048 Bytes 12/30/2010 16:17:03
VBASE021.VDF : 7.11.0.231 2048 Bytes 12/30/2010 16:17:04
VBASE022.VDF : 7.11.0.232 2048 Bytes 12/30/2010 16:17:08
VBASE023.VDF : 7.11.0.233 2048 Bytes 12/30/2010 16:17:08
VBASE024.VDF : 7.11.0.234 2048 Bytes 12/30/2010 16:17:08
VBASE025.VDF : 7.11.0.235 2048 Bytes 12/30/2010 16:17:08
VBASE026.VDF : 7.11.0.236 2048 Bytes 12/30/2010 16:17:09
VBASE027.VDF : 7.11.0.237 2048 Bytes 12/30/2010 16:17:09
VBASE028.VDF : 7.11.0.238 2048 Bytes 12/30/2010 16:17:09
VBASE029.VDF : 7.11.0.239 2048 Bytes 12/30/2010 16:17:09
VBASE030.VDF : 7.11.0.240 2048 Bytes 12/30/2010 16:17:09
VBASE031.VDF : 7.11.0.241 2048 Bytes 12/30/2010 16:17:09
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 08:39:51
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 12/30/2010 16:17:58
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 08:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 08:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 08:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 12/30/2010 16:17:50
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 08:39:49
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 12/30/2010 16:17:43
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 08:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 08:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 08:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 08:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 08:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 08:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 08:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 08:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 08:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 08:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 08:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 08:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 08:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20101230-163515-9204A7CD.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 02 January 2011 22:59

Starting search for hidden objects.
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
[NOTE] The process is not visible.
[WARNING] The file was ignored!

The scan of running processes will be started
Scan process 'COCIManager.exe' - '43' Module(s) have been scanned
Module is OK -> <C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe>
[NOTE] Process 'COCIManager.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'firefox.exe' - '90' Module(s) have been scanned
Module is OK -> <C:\Program Files\Mozilla Firefox\firefox.exe>
[WARNING] The process <firefox.exe> could not be ended. Possible cause: System error [87]: The parameter is incorrect.
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'rundll32.exe' - '34' Module(s) have been scanned
Module is OK -> <C:\WINDOWS\SYSTEM32\rundll32.exe>
[NOTE] Process 'rundll32.exe' was terminated
Module is infected -> <C:\WINDOWS\rextrlo3.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qyivad> was removed successfully.
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'avscan.exe' - '71' Module(s) have been scanned
Scan process 'ctfmon.exe' - '31' Module(s) have been scanned
Module is OK -> <C:\WINDOWS\SYSTEM32\ctfmon.exe>
[NOTE] Process 'ctfmon.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Module is OK -> <C:\Program Files\Avira\AntiVir Desktop\avgnt.exe>
[NOTE] Process 'avgnt.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'Quickcam.exe' - '59' Module(s) have been scanned
Module is OK -> <C:\Program Files\Logitech\QuickCam\Quickcam.exe>
[NOTE] Process 'Quickcam.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'Communications_Helper.exe' - '46' Module(s) have been scanned
Module is OK -> <C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe>
[NOTE] Process 'Communications_Helper.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
Scan process 'jusched.exe' - '20' Module(s) have been scanned
Scan process 'Explorer.EXE' - '97' Module(s) have been scanned
Module is OK -> <C:\WINDOWS\explorer.exe>
[NOTE] Process 'explorer.exe' was terminated
Module is infected -> <C:\WINDOWS\avevubeqovuzi.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0}> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rwekotaxaroyuyev> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '76fecb43.qua'.
Module is infected -> <C:\WINDOWS\rextrlo3.dll>
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '481faba8.qua'.
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'SeaPort.exe' - '46' Module(s) have been scanned
Scan process 'LVComSer.exe' - '30' Module(s) have been scanned
Scan process 'jqs.exe' - '49' Module(s) have been scanned
Scan process 'alg.exe' - '25' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '29' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '21' Module(s) have been scanned
Scan process 'spoolsv.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'lsass.exe' - '52' Module(s) have been scanned
Scan process 'services.exe' - '31' Module(s) have been scanned
Scan process 'winlogon.exe' - '78' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'avgrsx.exe' - '6' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned


End of the scan: 02 January 2011 23:28
Used time: 27:03 Minute(s)

The scan has been done completely.

0 Scanned directories
1155 Files were scanned
10 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1145 Files not concerned
0 Archives were scanned
2 Warnings
17 Notes
513202 Objects were scanned with rootkit scan
1 Hidden objects were found
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby Basacag » January 2nd, 2011, 10:42 pm

OTL.txt

OTL logfile created on: 03/01/2011 02:35:24 - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Carl.CARLSROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 154.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 45.39 Gb Free Space | 40.61% Space Free | Partition Type: NTFS
Drive E: | 475.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARLSROOM | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/07/25 15:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 15:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 15:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/19 23:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Ian\LOCALS~1\Temp\031861~1.EXE -- (0318611288873212mcinstcleanup) McAfee Application Installer Cleanup (0318611288873212)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/01/12 18:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2004/12/10 21:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelS51.sys -- (IntelS51) Intel(R)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/21 19:16:49 | 000,245,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2004/05/21 19:15:31 | 000,019,968 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {48C005B9-8E27-4FBD-A61C-47C1B85392F5}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 00:37:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/10 10:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}: C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\{48C005B9-8E27-4FBD-A61C-47C1B85392F5} [2010/12/02 19:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 23:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/29 23:05:57 | 000,000,000 | ---D | M]

[2010/12/29 23:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions
[2010/12/29 23:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/26 16:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/03 02:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions
[2011/01/03 02:28:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/29 23:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/29 23:05:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/02 19:13:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CARL.CARLSROOM\LOCAL SETTINGS\APPLICATION DATA\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}
[2010/11/10 10:27:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/03 19:43:55 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/03 19:43:55 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/12/03 19:43:55 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/03 17:47:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/09/28 14:23:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0} - C:\WINDOWS\avevubeqovuzi.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Plusmedia uk Toolbar) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live UK Toolbar) - {77F40091-495B-4C46-9068-2B24C4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [\\UPSTAIRS\EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on UPSTAIRS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 20:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell - "" = AutoRun
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2004/08/04 00:56:46 | 008,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\explore\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\Open\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 02:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/03 02:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/03 02:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV
[2011/01/03 01:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/03 00:04:07 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2011/01/02 23:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/01/02 22:30:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/01/02 22:30:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/01/02 22:30:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/01/02 22:30:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/01/02 22:30:50 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/01/02 22:30:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/01/02 22:30:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/01/02 22:30:48 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/01/02 22:30:45 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/01/02 22:30:45 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/01/02 22:30:45 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/01/02 22:30:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/01/02 22:30:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/01/02 22:30:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/01/02 22:30:38 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/01/02 22:30:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/01/02 22:30:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/01/02 22:30:37 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/01/02 22:30:37 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/01/02 22:30:36 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/01/02 22:30:36 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/01/02 22:30:36 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/01/02 22:30:32 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/01/02 22:30:30 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/01/02 22:30:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/01/02 22:30:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/01/02 22:30:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/01/02 22:30:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2011/01/02 22:30:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/01/02 22:30:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/01/02 22:30:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/01/02 22:30:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/01/02 22:30:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/01/02 22:30:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/01/02 22:30:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/01/02 22:30:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/01/02 22:30:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/01/02 22:30:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/01/02 22:30:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/01/02 22:30:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/01/02 22:30:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/01/02 22:30:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/01/02 22:30:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/01/02 22:30:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/01/02 22:30:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/01/02 22:30:19 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2011/01/02 22:30:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/01/02 22:30:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/02 22:30:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2011/01/02 22:30:16 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/01/02 22:30:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/01/02 22:30:15 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/01/02 22:30:14 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/01/02 22:30:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/01/02 22:30:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/01/02 22:30:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/01/02 22:30:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/01/02 22:30:09 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/01/02 22:30:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/01/02 22:30:08 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/01/02 22:30:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/01/02 22:30:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/01/02 22:30:07 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/01/02 22:30:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/01/02 22:30:06 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/01/02 22:30:05 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/01/02 22:30:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/01/02 22:30:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/01/02 22:30:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/01/02 22:30:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/01/02 22:29:55 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/01/02 22:29:55 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/01/02 22:29:49 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/01/02 22:29:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/01/02 22:29:41 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/01/02 22:29:41 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/01/02 22:29:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/01/02 22:29:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/01/02 22:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/01/02 22:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/01/02 22:29:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/01/02 22:29:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/01/02 22:29:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/01/02 22:29:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/01/02 22:29:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/01/02 22:29:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/01/02 22:29:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/01/02 22:29:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/01/02 22:29:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/01/02 22:29:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/01/02 22:29:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/01/02 22:29:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/01/02 22:29:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/01/02 22:29:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/01/02 22:29:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/01/02 22:29:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/01/02 22:29:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/01/02 22:29:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/01/02 22:29:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/01/02 22:29:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/01/02 22:29:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/01/02 22:29:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/01/02 22:29:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/01/02 22:29:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/01/02 22:29:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/01/02 22:29:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/01/02 22:29:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/01/02 22:29:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/01/02 22:29:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/01/02 22:29:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/01/02 22:29:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/01/02 22:29:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/01/02 22:29:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/01/02 22:29:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/01/02 22:29:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/01/02 22:29:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/01/02 22:29:24 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/01/02 22:29:24 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/01/02 22:29:23 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/01/02 22:29:23 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/01/02 22:29:23 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/01/02 22:29:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/01/02 22:29:23 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/01/02 22:29:22 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/01/02 22:29:22 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/01/02 22:29:21 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/01/02 22:29:21 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/01/02 22:29:21 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/01/02 22:29:21 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/01/02 22:29:21 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/01/02 22:29:20 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/01/02 22:29:20 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/01/02 22:29:19 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/01/02 22:29:19 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/01/02 22:29:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/01/02 22:29:19 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/01/02 22:29:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/01/02 22:29:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/01/02 22:29:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/01/02 22:29:10 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/01/02 22:28:56 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/01/02 22:28:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/01/02 22:28:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/01/02 22:28:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/01/02 22:28:50 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/01/02 22:28:49 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/01/02 22:28:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/01/02 22:28:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/01/02 22:28:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/01/02 22:28:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/01/02 22:28:43 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/01/02 22:28:43 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/01/02 22:28:42 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/01/02 22:28:42 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/01/02 22:28:34 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/01/02 22:28:32 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/01/02 22:28:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/01/02 22:28:29 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/01/02 22:28:29 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/01/02 22:28:28 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/01/02 22:28:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/01/02 22:28:27 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/01/02 22:28:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/01/02 22:28:26 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/01/02 22:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/01/02 22:28:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/01/02 22:28:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/01/02 22:28:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/01/02 22:28:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/01/02 22:28:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/01/02 22:28:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/01/02 22:28:21 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/01/02 22:28:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/01/02 22:28:08 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2011/01/02 22:28:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/01/02 22:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/01/02 22:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/01/02 22:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/01/02 22:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/01/02 22:28:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/01/02 22:28:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/01/02 22:28:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/01/02 22:27:57 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2011/01/02 22:27:57 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2011/01/02 22:25:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2011/01/02 22:25:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/01/02 22:25:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/01/02 22:25:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/01/02 22:25:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/01/02 22:25:14 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/01/02 22:25:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/01/02 22:25:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/01/02 22:25:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/01/02 22:25:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/01/02 22:25:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/01/02 22:25:06 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/01/02 22:25:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/01/02 22:25:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/01/02 22:25:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/01/02 22:24:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/01/02 22:24:43 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/01/02 22:24:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/01/02 22:24:41 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/01/02 22:24:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/01/02 22:24:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/01/02 22:24:33 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/01/02 22:24:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/01/02 22:24:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/01/02 22:22:52 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/01/02 22:22:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/01/02 22:22:51 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/01/02 22:22:51 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/01/02 22:22:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/01/02 22:22:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/01/02 22:22:49 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/01/02 22:22:49 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2011/01/02 22:22:48 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/01/02 22:22:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/01/02 22:22:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/01/02 22:22:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/01/02 22:22:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2011/01/02 22:22:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/01/02 22:22:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2011/01/02 22:22:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2011/01/02 22:22:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/01/02 22:22:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2011/01/02 22:22:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/01/02 22:22:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2011/01/02 22:22:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/01/02 22:22:45 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2011/01/02 22:22:45 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/01/02 22:22:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2011/01/02 22:22:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/01/02 22:22:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2011/01/02 22:22:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2011/01/02 22:22:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/01/02 22:22:44 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/01/02 22:22:44 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2011/01/02 22:22:44 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/01/02 22:22:43 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2011/01/02 22:22:43 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/01/02 22:22:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/01/02 22:22:37 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/01/02 22:22:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/01/02 22:22:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/01/02 22:22:32 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/01/02 22:22:32 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/01/02 22:22:31 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/01/02 22:22:29 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/01/02 22:22:28 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/01/02 22:22:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/01/02 22:22:27 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/01/02 22:22:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/01/02 22:22:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/01/02 22:22:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/01/02 22:22:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2011/01/02 22:22:26 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/01/02 22:22:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/01/02 22:22:25 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2011/01/02 22:22:24 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2011/01/02 22:22:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/01/02 22:17:03 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/01/02 22:17:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/01/02 22:12:36 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2011/01/02 22:12:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2011/01/02 22:12:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2011/01/02 22:12:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2011/01/02 22:12:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2011/01/02 22:12:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2011/01/02 22:12:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/01/02 22:12:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/01/02 22:12:30 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2011/01/02 22:12:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/01/02 22:12:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/01/02 22:12:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/12/30 16:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Avira
[2010/12/30 16:08:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/30 16:08:31 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/30 16:08:31 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/30 16:08:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/30 16:08:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2010/12/30 15:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\VS Revo Group
[2010/12/30 15:56:15 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/12/30 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/29 23:14:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:07 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\My Documents\Downloads
[2010/12/29 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\Mozilla
[2010/12/29 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/29 23:04:24 | 008,404,896 | ---- | C] (Mozilla) -- C:\Documents and Settings\All Users.WINDOWS\Documents\Firefox Setup 3.6.13.exe
[2010/12/27 21:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/03 02:26:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/03 02:26:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/03 02:17:31 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 02:17:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:05:54 | 000,432,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/03 02:05:54 | 000,067,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/03 02:03:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/03 02:01:38 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/03 01:59:18 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/03 01:57:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/03 00:05:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/02 23:59:27 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/02 23:59:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/02 22:32:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/02 22:27:28 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/01/02 22:27:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/02 22:27:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/02 22:27:25 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/01/02 22:27:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/02 22:23:58 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/30 16:23:07 | 000,565,893 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/12/30 16:08:57 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/30 15:53:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/30 13:44:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qhonozik.bin
[2010/12/29 23:21:28 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:11 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:13:20 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:10:05 | 003,999,590 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/29 23:04:41 | 008,404,896 | ---- | M] (Mozilla) -- C:\Documents and Settings\All Users.WINDOWS\Documents\Firefox Setup 3.6.13.exe
[2010/12/29 15:46:43 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:47:54 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Browser Choice.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/21 14:59:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/10 22:28:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/03 02:17:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:17:29 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 00:04:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2011/01/02 22:30:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/01/02 22:29:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/02 22:29:24 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/01/02 22:29:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/01/02 22:29:18 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/02 22:29:02 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/01/02 22:28:53 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/02 22:28:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/01/02 22:12:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/01/02 22:12:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/01/02 22:12:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/01/02 22:12:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/01/02 22:12:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/01/02 22:12:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/30 16:08:57 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/29 23:14:40 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:13:18 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:09:51 | 003,999,590 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/27 21:08:48 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/06 18:50:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/06 18:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qhonozik.bin
[2010/06/21 20:03:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/12/21 18:53:59 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\sysReserve.ini
[2009/06/18 14:00:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/06/18 14:00:23 | 000,000,962 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/12/30 01:35:08 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 19:11:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 21:03:33 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/21 21:03:32 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/09/04 21:12:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/07/11 14:03:37 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/03/31 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/02/19 00:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/10 10:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2009/12/22 17:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2010/11/04 14:30:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2010/01/27 18:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2010/11/04 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
[2010/11/09 11:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/11/04 22:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Akepy
[2010/11/04 17:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\AVG10
[2010/01/26 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ersa
[2010/11/05 17:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Exxyi
[2010/11/05 17:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Fiepo
[2009/03/29 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Gyucap
[2010/11/09 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\LimeWire
[2010/12/29 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\PriceGong
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Sony
[2010/11/04 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ulos

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4

< End of report >
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby Basacag » January 2nd, 2011, 10:42 pm

Extras.txt

OTL Extras logfile created on: 03/01/2011 02:35:24 - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Carl.CARLSROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 154.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 45.39 Gb Free Space | 40.61% Space Free | Partition Type: NTFS
Drive E: | 475.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARLSROOM | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}" = Logitech QuickCam
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"All ATI Software" = ATI - Software Uninstall Utility
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.1
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 536EP Modem" = Intel(R) 536EP Modem
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_UK Toolbar" = Messenger_Plus_Live_UK Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Plusmedia_uk Toolbar" = Plusmedia_uk Toolbar
"QcDrv" = Logitech® Camera Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/01/2011 18:43:23 | Computer Name = CARLSROOM | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 02/01/2011 18:45:17 | Computer Name = CARLSROOM | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 02/01/2011 18:45:29 | Computer Name = CARLSROOM | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 02/01/2011 19:34:09 | Computer Name = CARLSROOM | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <avgntflt> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 0xffffffff

Error - 02/01/2011 19:34:32 | Computer Name = CARLSROOM | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 02/01/2011 19:46:33 | Computer Name = CARLSROOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module msi.dll, version 2.0.2600.1106, fault address 0x0005640e.

Error - 02/01/2011 22:02:16 | Computer Name = CARLSROOM | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file.

Error - 02/01/2011 22:02:17 | Computer Name = CARLSROOM | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF
while recovering repository file.

Error - 02/01/2011 22:02:20 | Computer Name = CARLSROOM | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS
COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error - 02/01/2011 22:02:21 | Computer Name = CARLSROOM | Source = WinMgmt | ID = 4
Description = Failed to load MOF C:\2F76B5F7683FC2BCDF811AF7DDFEBCDA\I386\LICWMI.MOF
while recovering repository file.

[ System Events ]
Error - 02/01/2011 22:05:39 | Computer Name = CARLSROOM | Source = Dhcp | ID = 1002
Description = The IP address lease 10.14.84.234 for the Network Card with network
address 00236908DCD3 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 02/01/2011 22:06:05 | Computer Name = CARLSROOM | Source = NetBT | ID = 4321
Description = The name "HOME :1d" could not be registered on the Interface
with IP address 192.168.1.69. The machine with the IP address 192.168.1.67 did not
allow the name to be claimed by this machine.

Error - 02/01/2011 22:22:35 | Computer Name = CARLSROOM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.69 for the Network Card with network
address 00236908DCD3 has been denied by the DHCP server 10.14.84.233 (The DHCP Server
sent a DHCPNACK message).

Error - 02/01/2011 22:22:38 | Computer Name = CARLSROOM | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 02/01/2011 22:22:47 | Computer Name = CARLSROOM | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%2

Error - 02/01/2011 22:22:47 | Computer Name = CARLSROOM | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%2

Error - 02/01/2011 22:26:24 | Computer Name = CARLSROOM | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 02/01/2011 22:26:32 | Computer Name = CARLSROOM | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%2

Error - 02/01/2011 22:26:32 | Computer Name = CARLSROOM | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%2

Error - 02/01/2011 22:35:44 | Computer Name = CARLSROOM | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
UPSTAIRS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{13BAC243-98F5-4B47-. The master browser is stopping or an election
is being forced.


< End of report >
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby askey127 » January 3rd, 2011, 8:05 am

There is a lot of research to do here. Will respond later.
It's touch and go whether this will be fixable. (Win 7 would not work on this machine as it is. Linux Mint would work fine.)

DO NOT ATTEMPT TO INSTALL SP3 NOW, AND DON'T LET AUTOMATIC UPDATES DO IT.
You can download SP3 on a clean machine and burn it to a CD so it will be ready for later.
----------------------------------------------------------------------------------
Download SP3 and Burn the Image to a CD
It's a big download.
If you have a broadband connection, get the Windows XP Service Pack 3 download from here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e&displaylang=en
It is an .iso image file, designed to be saved on your machine, then burned directly onto a CD using your CD burning software (You will need a blank CD-R disk.)
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet explorer cant start

Unread postby askey127 » January 3rd, 2011, 8:17 am

Basacag,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    [2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/12/03 17:47:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/12/03 17:47:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/12/03 17:47:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2010/12/03 17:47:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
    O2 - BHO: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {7d03e9a6-a0ea-59cd-f44b-7bd5309c7bc0} - C:\WINDOWS\avevubeqovuzi.dll File not found
    O3 - HKLM\..\Toolbar: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Messenger Plus Live UK Toolbar) - {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files\Messenger_Plus_Live_UK\tbMes1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Plusmedia uk Toolbar) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - C:\Program Files\Plusmedia_uk\tbPlu2.dll (Conduit Ltd.)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    [2010/11/10 10:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
    [2010/01/27 18:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
    [2010/11/04 17:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\AVG10
    [2010/11/09 17:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\LimeWire
    [2010/12/29 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\PriceGong
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2011-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.

Use separate replies for your posts if you wish.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet explorer cant start

Unread postby Basacag » January 3rd, 2011, 10:31 am

hi askey 127

OTL log. Malware to follow once its downloaded.

OTL logfile created on: 03/01/2011 14:26:23 - Run 2
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Carl.CARLSROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 53.59 Gb Free Space | 47.94% Space Free | Partition Type: NTFS
Drive E: | 475.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARLSROOM | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/03 19:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/07/25 15:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 15:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 15:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/19 23:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Ian\LOCALS~1\Temp\031861~1.EXE -- (0318611288873212mcinstcleanup) McAfee Application Installer Cleanup (0318611288873212)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/01/12 18:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2004/12/10 21:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelS51.sys -- (IntelS51) Intel(R)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/21 19:16:49 | 000,245,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2004/05/21 19:15:31 | 000,019,968 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {48C005B9-8E27-4FBD-A61C-47C1B85392F5}:1.9.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}: C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\{48C005B9-8E27-4FBD-A61C-47C1B85392F5} [2010/12/02 19:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 23:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/29 23:05:57 | 000,000,000 | ---D | M]

[2010/12/29 23:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions
[2009/03/26 16:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/03 02:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions
[2011/01/03 02:28:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/29 23:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 19:13:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CARL.CARLSROOM\LOCAL SETTINGS\APPLICATION DATA\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}
[2010/11/10 10:27:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/09/28 14:23:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [\\UPSTAIRS\EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on UPSTAIRS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 20:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell - "" = AutoRun
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\explore\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\Open\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 14:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2011/01/03 13:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/03 02:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/03 02:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/03 02:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV
[2011/01/03 01:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/02 23:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/02 22:30:16 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/01/02 22:28:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/12/30 16:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Avira
[2010/12/30 16:08:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/30 16:08:31 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/30 16:08:31 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/30 16:08:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/30 16:08:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2010/12/30 15:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\VS Revo Group
[2010/12/30 15:56:15 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/12/30 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/29 23:14:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:07 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\My Documents\Downloads
[2010/12/29 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\Mozilla
[2010/12/29 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/27 21:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2011/01/03 14:24:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/03 14:24:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/03 02:47:23 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/03 02:17:31 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 02:17:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:05:54 | 000,432,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/03 02:05:54 | 000,067,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/03 02:03:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/03 01:59:18 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/03 01:57:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/03 00:05:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/02 23:59:27 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/02 23:59:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/02 22:32:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/02 22:27:28 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/01/02 22:27:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/02 22:27:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/02 22:27:25 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/01/02 22:27:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/02 22:23:58 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/30 16:23:07 | 000,565,893 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/12/30 16:08:57 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/30 15:53:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/30 13:44:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qhonozik.bin
[2010/12/29 23:21:28 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:11 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:13:20 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:10:05 | 003,999,590 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/29 15:46:43 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:47:54 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Browser Choice.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/21 14:59:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/10 22:28:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/01/03 02:17:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:17:29 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 00:04:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2011/01/02 22:30:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/01/02 22:29:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/02 22:29:24 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/01/02 22:29:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/01/02 22:29:18 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/02 22:29:02 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/01/02 22:28:53 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/02 22:28:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/01/02 22:12:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/01/02 22:12:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/01/02 22:12:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/01/02 22:12:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/01/02 22:12:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/01/02 22:12:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/30 16:08:57 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/29 23:14:40 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:13:18 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:09:51 | 003,999,590 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/27 21:08:48 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/06 18:50:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/06 18:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qhonozik.bin
[2010/06/21 20:03:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/12/21 18:53:59 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\sysReserve.ini
[2009/06/18 14:00:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/06/18 14:00:23 | 000,000,962 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/12/30 01:35:08 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 19:11:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 21:03:33 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/21 21:03:32 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/09/04 21:12:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/07/11 14:03:37 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/03/31 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/02/19 00:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/12/22 17:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2010/11/04 14:30:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2011/01/03 14:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2010/11/04 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
[2010/11/09 11:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/11/04 22:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Akepy
[2010/01/26 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ersa
[2010/11/05 17:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Exxyi
[2010/11/05 17:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Fiepo
[2009/03/29 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Gyucap
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Sony
[2010/11/04 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ulos

========== Purity Check ==========



< End of report >
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby askey127 » January 4th, 2011, 7:37 am

Did you get Malwarebytes' AntiMalware to run OK?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet explorer cant start

Unread postby Basacag » January 4th, 2011, 8:16 am

err yeah, don't know what happened to the report, not for the first time it seems like it rejected the post and I did not spot it...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5447

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

03/01/2011 14:55:12
mbam-log-2011-01-03 (14-55-12).txt

Scan type: Quick scan
Objects scanned: 243066
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\winfixerfree (Rogue.WinFixer) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\carl.carlsroom\application data\Adobe\plugs\kb29594687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\carl.carlsroom\application data\Adobe\plugs\kb29748468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\application data\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby askey127 » January 4th, 2011, 8:29 am

Basacag,
It still may have a Bamital infection. Removing it is a bit delicate (dangerous). Let's prepare and check for a rootkit.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    explorer.exe
    winlogon.exe
    hlp.dat
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
--------------------------------------------
If you still have TDSSKiller on your desktop, run it. Otherwise please download a new one.
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet explorer cant start

Unread postby Basacag » January 4th, 2011, 1:25 pm

hi askey127 here are the logs

SystemLook 04.09.10 by jpshortstuff
Log created at 17:10 on 04/01/2011 by Carl
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1032192 bytes [12:00 31/03/2003] [00:56 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1004032 bytes [23:55 02/01/2011] [12:00 31/03/2003] A82B28BFC2E4455FE43022A498C0EF0A
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1032192 bytes [00:02 03/01/2011] [00:56 04/08/2004] A0732187050030AE399B241436565E64

Searching for "winlogon.exe"
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 516608 bytes [23:54 02/01/2011] [12:00 31/03/2003] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 502272 bytes [00:03 03/01/2011] [00:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\SYSTEM32\winlogon.exe --a---- 502272 bytes [12:00 31/03/2003] [00:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE

Searching for "hlp.dat"
C:\Documents and Settings\All Users.WINDOWS\Documents\Server\hlp.dat --a---- 36221 bytes [12:00 31/03/2003] [20:30 21/11/2010] 3D4DE79E5EF556EE2B3EEC6077BD1491

-= EOF =-

2011/01/04 17:15:24.0468 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/04 17:15:24.0468 ================================================================================
2011/01/04 17:15:24.0468 SystemInfo:
2011/01/04 17:15:24.0468
2011/01/04 17:15:24.0468 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/04 17:15:24.0468 Product type: Workstation
2011/01/04 17:15:24.0468 ComputerName: CARLSROOM
2011/01/04 17:15:24.0484 UserName: Carl
2011/01/04 17:15:24.0484 Windows directory: C:\WINDOWS
2011/01/04 17:15:24.0484 System windows directory: C:\WINDOWS
2011/01/04 17:15:24.0484 Processor architecture: Intel x86
2011/01/04 17:15:24.0484 Number of processors: 1
2011/01/04 17:15:24.0484 Page size: 0x1000
2011/01/04 17:15:24.0484 Boot type: Normal boot
2011/01/04 17:15:24.0484 ================================================================================
2011/01/04 17:15:25.0046 Initialize success
2011/01/04 17:15:33.0109 ================================================================================
2011/01/04 17:15:33.0109 Scan started
2011/01/04 17:15:33.0109 Mode: Manual;
2011/01/04 17:15:33.0109 ================================================================================
2011/01/04 17:15:35.0031 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/04 17:15:35.0109 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/04 17:15:35.0218 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/04 17:15:35.0343 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/04 17:15:35.0406 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/01/04 17:15:35.0734 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/01/04 17:15:36.0078 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/04 17:15:36.0140 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/04 17:15:36.0281 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/04 17:15:36.0406 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/04 17:15:36.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/04 17:15:36.0671 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/04 17:15:36.0734 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/01/04 17:15:36.0812 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/01/04 17:15:36.0921 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/04 17:15:37.0000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/04 17:15:37.0093 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/04 17:15:37.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/04 17:15:37.0281 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/04 17:15:37.0343 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/04 17:15:37.0625 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys
2011/01/04 17:15:38.0015 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/04 17:15:38.0171 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/04 17:15:38.0312 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/04 17:15:38.0406 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/04 17:15:38.0453 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/04 17:15:38.0593 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/04 17:15:38.0734 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/04 17:15:38.0828 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/04 17:15:38.0921 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/04 17:15:38.0953 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/04 17:15:39.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/04 17:15:39.0171 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/04 17:15:39.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/04 17:15:39.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/04 17:15:39.0375 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/01/04 17:15:39.0421 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/04 17:15:39.0515 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
2011/01/04 17:15:39.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/04 17:15:39.0890 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/04 17:15:39.0953 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/04 17:15:40.0312 IntelS51 (f61bd411a315b9721ddef61e44d34474) C:\WINDOWS\system32\DRIVERS\IntelS51.sys
2011/01/04 17:15:40.0500 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/04 17:15:40.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/04 17:15:40.0671 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/04 17:15:40.0765 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/04 17:15:40.0828 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/04 17:15:40.0890 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/04 17:15:40.0968 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/04 17:15:41.0031 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/04 17:15:41.0109 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/04 17:15:41.0203 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/04 17:15:41.0500 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/01/04 17:15:41.0796 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/01/04 17:15:42.0000 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/01/04 17:15:42.0109 LVUSBSta (65994b84dd34e2b8fe2cbe4a077fa2f1) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/01/04 17:15:42.0203 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/04 17:15:42.0296 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/04 17:15:42.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/01/04 17:15:42.0453 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/04 17:15:42.0515 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/04 17:15:42.0625 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/04 17:15:42.0734 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/04 17:15:42.0890 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/04 17:15:42.0968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/04 17:15:43.0031 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/04 17:15:43.0093 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/04 17:15:43.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/04 17:15:43.0234 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/04 17:15:43.0296 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/01/04 17:15:43.0375 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/04 17:15:43.0484 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/04 17:15:43.0546 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/04 17:15:43.0640 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/04 17:15:43.0765 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/04 17:15:43.0843 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/04 17:15:43.0906 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/04 17:15:43.0984 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/04 17:15:44.0046 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/04 17:15:44.0109 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/04 17:15:44.0265 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/04 17:15:44.0359 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/04 17:15:44.0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/04 17:15:44.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/04 17:15:44.0625 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/04 17:15:44.0703 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/04 17:15:44.0750 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/04 17:15:44.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/04 17:15:44.0906 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/04 17:15:45.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/04 17:15:45.0125 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/04 17:15:45.0562 PhilCam8116_XP (ecfbea72977cc8d2c11f74aa07d8e7d0) C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
2011/01/04 17:15:45.0671 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/04 17:15:45.0765 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/04 17:15:45.0859 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/04 17:15:45.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/04 17:15:46.0031 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/04 17:15:46.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/04 17:15:46.0437 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/04 17:15:46.0500 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/04 17:15:46.0578 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/04 17:15:46.0656 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/04 17:15:46.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/04 17:15:46.0859 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/04 17:15:46.0937 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/04 17:15:47.0031 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2011/01/04 17:15:47.0156 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/01/04 17:15:47.0328 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/04 17:15:47.0406 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/04 17:15:47.0484 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/04 17:15:47.0578 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/04 17:15:47.0750 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/04 17:15:47.0859 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/04 17:15:47.0937 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/04 17:15:48.0031 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/04 17:15:48.0171 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/01/04 17:15:48.0265 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/04 17:15:48.0328 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/04 17:15:48.0406 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/04 17:15:48.0640 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/04 17:15:48.0765 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/04 17:15:48.0890 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/04 17:15:48.0937 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/04 17:15:49.0000 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/04 17:15:49.0203 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/04 17:15:49.0343 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/04 17:15:49.0468 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/04 17:15:49.0546 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/04 17:15:49.0640 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/04 17:15:49.0718 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/04 17:15:49.0781 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/04 17:15:49.0859 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/04 17:15:49.0906 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/04 17:15:49.0984 USB_RNDIS (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/01/04 17:15:50.0046 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/04 17:15:50.0171 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/04 17:15:50.0265 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/04 17:15:50.0406 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/04 17:15:50.0640 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/04 17:15:50.0734 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/04 17:15:50.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/04 17:15:50.0984 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/04 17:15:51.0000 ================================================================================
2011/01/04 17:15:51.0000 Scan finished
2011/01/04 17:15:51.0000 ================================================================================
2011/01/04 17:15:51.0031 Detected object count: 1
2011/01/04 17:16:58.0265 \HardDisk0 - will be cured after reboot
2011/01/04 17:16:58.0265 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/04 17:17:02.0968 Deinitialize success
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby askey127 » January 4th, 2011, 2:45 pm

If you haven't rebooted since running TDSSKiller, do it now.
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :Files
    C:\Documents and Settings\All Users.WINDOWS\Documents\Server\hlp.dat
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more. Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet explorer cant start

Unread postby Basacag » January 4th, 2011, 3:53 pm

Avira to follow

OTL logfile created on: 04/01/2011 19:48:42 - Run 3
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Carl.CARLSROOM\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 53.52 Gb Free Space | 47.88% Space Free | Partition Type: NTFS
Drive E: | 475.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CARLSROOM | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/03 19:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/07/25 15:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/07/25 15:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/07/25 15:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/19 18:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_FATI9HE.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/19 23:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\DOCUME~1\Ian\LOCALS~1\Temp\031861~1.EXE -- (0318611288873212mcinstcleanup) McAfee Application Installer Cleanup (0318611288873212)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\revoflt.sys -- (Revoflt)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/01/12 18:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2004/12/10 21:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelS51.sys -- (IntelS51) Intel(R)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/21 19:16:49 | 000,245,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2004/05/21 19:15:31 | 000,019,968 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {77f40091-495b-4c46-9068-2b24c4133157} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {48C005B9-8E27-4FBD-A61C-47C1B85392F5}:1.9.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}: C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\{48C005B9-8E27-4FBD-A61C-47C1B85392F5} [2010/12/02 19:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 23:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/29 23:05:57 | 000,000,000 | ---D | M]

[2010/12/29 23:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions
[2009/03/26 16:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/04 02:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions
[2011/01/03 02:28:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Mozilla\Firefox\Profiles\vtvzx5ws.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/29 23:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 19:13:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CARL.CARLSROOM\LOCAL SETTINGS\APPLICATION DATA\{48C005B9-8E27-4FBD-A61C-47C1B85392F5}
[2010/11/10 10:27:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/09/28 14:23:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [\\UPSTAIRS\EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo RX620 Series on UPSTAIRS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/04 20:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 001,053,184 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.DLL -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,018,944 | R--- | M] (Microsoft Corporation) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2004/08/04 12:00:00 | 000,000,064 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell - "" = AutoRun
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\explore\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O33 - MountPoints2\{467689d8-e466-11df-8627-00236908dcd3}\Shell\Open\command - "" = \RECYCLER\S-5-1-72-7111723027-6046737775-668600511-3165\pUkTDPmy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 14:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Malwarebytes
[2011/01/03 14:32:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/03 14:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/01/03 14:32:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/03 14:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/03 14:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2011/01/03 13:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/03 02:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/03 02:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/01/03 02:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV
[2011/01/03 01:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/02 23:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/02 22:30:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/02 22:30:16 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/01/02 22:28:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/12/30 16:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Avira
[2010/12/30 16:08:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/30 16:08:31 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/30 16:08:31 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/30 16:08:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/30 16:08:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/30 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2010/12/30 15:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\VS Revo Group
[2010/12/30 15:56:15 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/12/30 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/29 23:14:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:07 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\My Documents\Downloads
[2010/12/29 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\Mozilla
[2010/12/29 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/27 21:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2011/01/04 19:46:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/04 19:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/04 17:09:21 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\SystemLook.exe
[2011/01/03 14:32:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 02:47:23 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/03 02:17:31 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 02:17:31 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:05:54 | 000,432,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/03 02:05:54 | 000,067,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/03 02:03:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/03 01:59:18 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/03 01:57:19 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/03 00:05:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/02 23:59:27 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/02 23:59:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/01/02 22:32:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/02 22:27:28 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/01/02 22:27:27 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/02 22:27:27 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/02 22:27:25 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/01/02 22:27:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/02 22:23:58 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/30 16:23:07 | 000,565,893 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/12/30 16:08:57 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/30 15:53:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/30 13:44:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qhonozik.bin
[2010/12/29 23:21:28 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:14:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\OTL.exe
[2010/12/29 23:14:11 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\tdsskiller.exe
[2010/12/29 23:13:20 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:10:05 | 003,999,590 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/29 15:46:43 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:47:54 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Browser Choice.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/21 14:59:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/10 22:28:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/01/04 17:09:20 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\SystemLook.exe
[2011/01/03 14:32:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 02:17:31 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BDARemote.lnk
[2011/01/03 02:17:29 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BDARemote.lnk
[2011/01/03 00:04:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2011/01/02 22:30:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/01/02 22:29:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/02 22:29:24 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/01/02 22:29:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/01/02 22:29:18 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/02 22:29:02 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/01/02 22:28:53 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/02 22:28:28 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/01/02 22:12:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/01/02 22:12:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/01/02 22:12:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/01/02 22:12:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/01/02 22:12:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/01/02 22:12:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/12/30 16:08:57 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 15:56:17 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Revo Uninstaller Pro.lnk
[2010/12/29 23:14:40 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\avira_antivir_personal_en.exe
[2010/12/29 23:13:18 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\rkill.exe
[2010/12/29 23:09:51 | 003,999,590 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\zzz.exe
[2010/12/29 23:06:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/29 23:06:00 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/29 23:06:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/12/27 21:08:48 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\HiJackThis.lnk
[2010/12/27 20:43:16 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/27 20:43:16 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Desktop\Internet Explorer.lnk
[2010/12/06 18:50:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kzebitih.dat
[2010/12/06 18:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qhonozik.bin
[2010/06/21 20:03:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/06/18 14:00:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/06/18 14:00:23 | 000,000,962 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/12/30 01:35:08 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Carl.CARLSROOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 19:11:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/21 21:03:33 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/21 21:03:32 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008/09/04 21:12:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/07/11 14:03:37 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2003/03/31 12:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/02/19 00:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/12/22 17:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
[2010/11/04 14:30:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2011/01/03 14:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2010/11/04 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
[2010/11/09 11:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/11/04 22:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Akepy
[2010/01/26 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ersa
[2010/11/05 17:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Exxyi
[2010/11/05 17:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Fiepo
[2009/03/29 16:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Gyucap
[2008/10/22 16:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Sony
[2010/11/04 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ulos

========== Purity Check ==========



< End of report >
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm

Re: Internet explorer cant start

Unread postby Basacag » January 4th, 2011, 8:52 pm

Avira AntiVir Personal
Report file date: 04 January 2011 19:56

Scanning for 2327093 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CARLSROOM

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 08:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 08:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:16:37
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:16:37
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:16:38
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:16:38
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:16:38
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:16:38
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:16:38
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:16:39
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:16:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:16:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:16:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:16:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 16:16:44
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 16:16:50
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 16:16:54
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 16:16:57
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 16:17:00
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 16:17:03
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 19:54:37
VBASE020.VDF : 7.11.1.6 2048 Bytes 1/3/2011 19:54:37
VBASE021.VDF : 7.11.1.7 2048 Bytes 1/3/2011 19:54:38
VBASE022.VDF : 7.11.1.8 2048 Bytes 1/3/2011 19:54:38
VBASE023.VDF : 7.11.1.9 2048 Bytes 1/3/2011 19:54:38
VBASE024.VDF : 7.11.1.10 2048 Bytes 1/3/2011 19:54:38
VBASE025.VDF : 7.11.1.11 2048 Bytes 1/3/2011 19:54:38
VBASE026.VDF : 7.11.1.12 2048 Bytes 1/3/2011 19:54:38
VBASE027.VDF : 7.11.1.13 2048 Bytes 1/3/2011 19:54:38
VBASE028.VDF : 7.11.1.14 2048 Bytes 1/3/2011 19:54:38
VBASE029.VDF : 7.11.1.15 2048 Bytes 1/3/2011 19:54:38
VBASE030.VDF : 7.11.1.16 2048 Bytes 1/3/2011 19:54:38
VBASE031.VDF : 7.11.1.25 81920 Bytes 1/4/2011 19:54:39
Engineversion : 8.2.4.134
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 08:39:51
AESCRIPT.DLL : 8.1.3.51 1286524 Bytes 12/30/2010 16:17:58
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 08:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 08:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 08:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 12/30/2010 16:17:50
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 08:39:49
AEHEUR.DLL : 8.1.2.60 3158392 Bytes 12/30/2010 16:17:43
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 08:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 08:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 08:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 08:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 08:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 08:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 08:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 08:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 08:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 08:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 08:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 08:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 08:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 04 January 2011 19:56

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '58' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'COCIManager.exe' - '46' Module(s) have been scanned
Scan process 'firefox.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'LVComSer.exe' - '37' Module(s) have been scanned
Scan process 'wscntfy.exe' - '18' Module(s) have been scanned
Scan process 'BDARemote.exe' - '27' Module(s) have been scanned
Scan process 'MsnMsgr.Exe' - '100' Module(s) have been scanned
Scan process 'ctfmon.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'Quickcam.exe' - '60' Module(s) have been scanned
Scan process 'E_FATI9HE.EXE' - '18' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '48' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'Explorer.EXE' - '90' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'SeaPort.exe' - '43' Module(s) have been scanned
Scan process 'LVComSer.exe' - '39' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '15' Module(s) have been scanned
Scan process 'spoolsv.exe' - '51' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1654' files ).


Starting the file scan:

Begin scan in 'C:\' <New HD>
C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ersa\cuig.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3515163-u2 - elavation.wma
[DETECTION] Is the TR/Dldr.WMA.Wim.N.4 Trojan
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3545425-simple plan - crazy.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3545427-matt willis - hey kid.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Saved\Quietdrive - Sink or Swim.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Saved\simple plan - crazy.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Ian\Application Data\AVG\Rescue\PC Tuneup 2011\101108123354578.rsc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
--> 101108123354578-000058.file
[1] Archive type: ZIP
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\setupdavid2291.exe
[DETECTION] Contains recognition pattern of the DR/180Solutions.A.21 dropper
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\WinFixer\WinFixer2006Setup.exe
[0] Archive type: RSRC
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
--> Object
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
C:\Program Files\epson\Utility Suite\Copy Utility\PrtMgr10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\Program Files\epson\Utility Suite\Copy Utility\ScnCom10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\Program Files\epson\Utility Suite\Copy Utility\ScnMgr10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\XoftSpy\Quarantine\Quarantine20-08-2005-23-59-18.xpy
[DETECTION] Contains recognition pattern of the ADSPY/Winad.AT.2 adware or spyware
C:\System Volume Information\_restore{18815A8D-19A8-4893-BE06-EECF8AF1D466}\RP5\A0004485.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP788\A0318623.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333864.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333865.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333866.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333867.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333869.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333870.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333872.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333875.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333876.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333877.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333879.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333880.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333881.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333882.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333883.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333884.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333886.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333887.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333888.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333890.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333891.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333893.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333896.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333897.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333898.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333907.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333908.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333915.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333916.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333917.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333918.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333919.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333920.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333921.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333922.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333925.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333927.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP825\A0355149.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367327.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367328.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367329.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367331.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367332.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367333.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367337.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367338.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367343.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367344.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367346.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367347.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367350.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367351.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367352.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367355.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367358.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP839\A0368308.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372371.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372372.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372373.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372375.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372376.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372377.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372382.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372383.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372388.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372389.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372391.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372392.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372395.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372396.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372397.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372400.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372403.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus

Beginning disinfection:
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372403.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4f1a64d7.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372400.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '578d4b70.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372397.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '05d21198.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372396.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '63e55e5a.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372395.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '26617364.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372392.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '597a4105.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372391.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '15c26d4f.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372389.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '69da2d1f.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372388.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '44800252.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372383.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5de839c8.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372382.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '31b415f8.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372377.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '400d2c6d.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372376.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4e171caa.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372375.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0b3e65e8.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372373.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '02356143.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372372.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5a74782b.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP842\A0372371.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '768001e7.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP839\A0368308.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '487e613d.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367358.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2b704a4e.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367355.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0db80a53.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367352.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3f2c71f6.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367351.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '35695a88.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367350.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0a3a3ecd.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367347.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '741632ea.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367346.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '216e3621.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367344.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2cf84709.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367343.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '30a55300.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367338.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '01761ece.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367337.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6d200af8.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367333.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '24ba2fff.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367332.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7f2f272e.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367331.EXE
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '199d2bc7.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367329.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4e13596f.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367328.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6c630e1b.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP838\A0367327.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0473748d.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP825\A0355149.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '24057008.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333927.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '712136bf.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333925.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '10011700.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333922.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '75ad558a.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333921.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '107a212b.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333920.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '039e1dbe.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333919.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '11276100.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333918.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '067702b2.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333917.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5c553023.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333916.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '79584a37.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333915.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0d035244.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333908.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2f0100c8.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333907.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5a9278d1.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333898.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '71c524de.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333897.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '16a26c61.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333896.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5dd25577.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333893.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5d2c5f26.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333891.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '17830a36.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333890.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '79aa25fe.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333888.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '348a7b8e.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333887.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5cae5cb5.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333886.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '261f667c.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333884.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '574d3a39.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333883.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '27aa1029.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333882.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5cda6c7c.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333881.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '12811f16.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333880.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6cfa6431.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333879.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '18604c42.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333877.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1354102b.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333876.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '408c03e9.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333875.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '25e52880.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333872.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0d1e7823.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333870.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '79bd219e.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333869.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '36b05917.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333867.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '096400b1.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333866.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '73520307.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333865.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '235a0477.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP804\A0333864.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '75520e35.qua'.
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP788\A0318623.exe
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '32e20ae7.qua'.
C:\System Volume Information\_restore{18815A8D-19A8-4893-BE06-EECF8AF1D466}\RP5\A0004485.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file could not be copied to quarantine!
[NOTE] The file does not exist!
C:\Program Files\XoftSpy\Quarantine\Quarantine20-08-2005-23-59-18.xpy
[DETECTION] Contains recognition pattern of the ADSPY/Winad.AT.2 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '56f74d6e.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '24931ef7.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '0fe85dd0.qua'.
C:\Program Files\epson\Utility Suite\Copy Utility\ScnMgr10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4c70536d.qua'.
C:\Program Files\epson\Utility Suite\Copy Utility\ScnCom10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '06be2a55.qua'.
C:\Program Files\epson\Utility Suite\Copy Utility\PrtMgr10.dll
[DETECTION] Contains code of the W32/Ramnit.A Windows virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0bf034c6.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\WinFixer\WinFixer2006Setup.exe
[DETECTION] Contains virus patterns of Adware ADWARE/Agent.3819797
[NOTE] The file was moved to the quarantine directory under the name '241c7c10.qua'.
C:\Documents and Settings\Ian Hayward\My Documents\My Received Files\setupdavid2291.exe
[DETECTION] Contains recognition pattern of the DR/180Solutions.A.21 dropper
[NOTE] The file was moved to the quarantine directory under the name '1bde357e.qua'.
C:\Documents and Settings\Ian\Application Data\AVG\Rescue\PC Tuneup 2011\101108123354578.rsc
[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus
[NOTE] The file was moved to the quarantine directory under the name '24fa2318.qua'.
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Saved\simple plan - crazy.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '41e77346.qua'.
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Saved\Quietdrive - Sink or Swim.wma
[DETECTION] Is the TR/Dldr.Age.1171323 Trojan
[NOTE] The file was moved to the quarantine directory under the name '67da5438.qua'.
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3545427-matt willis - hey kid.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '6b73074e.qua'.
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3545425-simple plan - crazy.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '5e197197.qua'.
C:\Documents and Settings\Carl.CARLSROOM\My Documents\LimeWire\Incomplete\Preview-T-3515163-u2 - elavation.wma
[DETECTION] Is the TR/Dldr.WMA.Wim.N.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '253976dd.qua'.
C:\Documents and Settings\Carl.CARLSROOM\Application Data\Ersa\cuig.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '033d73e9.qua'.


End of the scan: 05 January 2011 00:51
Used time: 1:43:37 Hour(s)

The scan has been done completely.

14623 Scanned directories
449708 Files were scanned
90 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
89 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
449618 Files not concerned
2070 Archives were scanned
0 Warnings
89 Notes
435630 Objects were scanned with rootkit scan
2 Hidden objects were found
Basacag
Regular Member
 
Posts: 32
Joined: December 9th, 2010, 4:25 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware