Solved Locked out by virus please help

c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Searchqu Toolbar\sysid.ini
c:\program files\Searchqu Toolbar\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-08 11:07 . 2012-07-08 11:07 -------- d-sh--w- c:\documents and settings\bon\IECompatCache
2012-07-01 10:13 . 2012-07-01 10:13 -------- d-----w- c:\documents and settings\bon\Application Data\Friday's games
2012-07-01 10:00 . 2012-07-01 10:16 -------- d-----w- C:\Zylom Games
2012-07-01 09:12 . 2012-07-01 10:17 -------- d-----w- c:\program files\Zylom Games
2012-07-01 09:12 . 2012-07-01 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2012-06-23 16:12 . 2012-06-23 16:12 -------- d-----w- C:\Doctor Who - The Gunpowder Plot
2012-06-22 01:05 . 2012-06-22 01:05 -------- d-----w- c:\documents and settings\bon\AppData
2012-06-16 17:40 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 08:41 . 2012-04-06 19:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-17 08:41 . 2011-08-01 05:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 14:19 . 2010-09-03 11:48 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2010-09-03 11:48 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2010-09-03 09:44 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2010-09-03 09:44 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2010-09-03 09:44 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2010-09-03 11:48 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2010-09-03 11:48 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2010-09-03 09:44 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2010-09-03 09:44 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2010-09-03 11:48 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2010-09-03 09:44 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2010-09-03 09:44 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-09-03 09:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:20 . 2012-05-06 07:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-07_04.27.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-10 19:26 . 2012-07-10 19:26 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 10:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 14:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-08-01 03:32 958352 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-08-01 03:32 20880 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-08-01 03:32 3507088 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-08-30 05:48 69632 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-01-15 12:33 49152 ----a-r- c:\windows\system32\VTTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45323:TCP"= 45323:TCP:*:Disabled:utorrent
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03-06-2012 06:00 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03-06-2012 06:00 86224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-10-2010 19:52 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [13-08-2011 10:06 66112]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27-10-2010 19:52 136176]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [03-09-2010 11:00 30336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [06-05-2012 08:41 113120]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [13-08-2011 10:06 180672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [13-08-2011 10:06 180672]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc544efd4614b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 18:52]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc544efd998702.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-27 18:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
AddRemove-Searchqu Toolbar - c:\program files\Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2012-07-10 20:35:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 19:35
ComboFix2.txt 2012-07-07 04:39
ComboFix3.txt 2011-04-11 17:34
ComboFix4.txt 2011-03-22 20:54
.
Pre-Run: 44,429,430,784 bytes free
Post-Run: 44,405,309,440 bytes free
.
- - End Of File - - 9E943F27AC2EDEA0C38C8409DACA8E42
 
Looks good :)

How is computer doing?

===================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks for your reply,computer seems to be OK thanks to you (y)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bon :: BONDOG-8E3D57A2 [administrator]

12-07-2012 12:52:06
mbam-log-2012-07-12 (12-52-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212824
Time elapsed: 23 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
OTL logfile created on: 12-07-2012 19:48:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\bon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MM-yyyy

991.48 Mb Total Physical Memory | 550.33 Mb Available Physical Memory | 55.51% Memory free
2.88 Gb Paging File | 2.46 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 41.43 Gb Free Space | 54.03% Space Free | Partition Type: NTFS

Computer Name: BONDOG-8E3D57A2 | User Name: bon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-12 19:48:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
PRC - [2012-06-14 23:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-01-31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012-01-31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-01-31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-01-31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-08-01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-10 22:54:17 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\bon\Local Settings\temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2012-06-17 09:41:15 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012-06-16 22:01:30 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012-06-16 22:01:06 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012-06-16 22:00:17 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012-06-16 21:59:30 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012-06-16 21:56:43 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012-06-14 23:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-05-12 08:08:40 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012-05-11 21:11:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012-05-11 21:08:55 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012-05-11 21:08:26 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012-05-11 08:15:53 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012-05-11 08:14:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012-05-11 08:11:53 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012-01-31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011-08-01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011-07-26 09:27:06 | 000,617,384 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011-07-26 09:27:06 | 000,424,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011-07-26 09:27:06 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011-07-26 09:27:06 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-06-16 18:34:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-01-31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-01-31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2004-03-18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012-01-31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-01-31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-09-16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010-12-30 10:41:56 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2010-12-30 10:41:56 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2010-12-30 10:41:56 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010-12-01 20:50:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006-07-27 16:37:04 | 000,030,336 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (iadusb)
DRV - [2004-08-30 10:36:24 | 000,637,713 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-02-24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-07-02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\bon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-01 11:17:28 | 000,000,000 | ---D | M]

[2012-06-03 19:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Extensions
[2012-07-10 20:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions
[2011-04-06 08:35:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-06-21 12:14:19 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012-03-30 07:36:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-06-04 09:16:13 | 000,000,000 | ---D | M] (CSHelper) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011-04-18 19:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\nostmp
[2012-06-21 12:14:04 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\searchplugins\Search_Results.xml
[2012-07-10 20:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-10-29 06:56:07 | 000,434,392 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MSLQPCWW.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012-06-14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-02-26 18:14:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-06-14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-21 12:14:04 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012-06-14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-10 20:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Azada/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283514510468 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{185ADB32-30CD-4343-9FFF-A1A4CB18BAD7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Documents and Settings\All Users\Documents\My Music\Stardock\Object Desktop\IconPackager\iprepair.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\bon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-03 10:46:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-12 19:48:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
[2012-07-08 12:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bon\IECompatCache
[2012-07-07 05:06:41 | 004,573,044 | R--- | C] (Swearware) -- C:\Documents and Settings\bon\Desktop\ComboFix.exe
[2012-07-05 22:25:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bon\Start Menu\Programs\Administrative Tools
[2012-07-04 20:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\My Documents\Van Insurence Quote and Proof of no claims
[2012-07-01 11:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\Application Data\Friday's games
[2012-07-01 11:00:19 | 000,000,000 | ---D | C] -- C:\Zylom Games
[2012-07-01 10:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2012-07-01 10:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012-06-23 17:12:15 | 000,000,000 | ---D | C] -- C:\Doctor Who - The Gunpowder Plot
[2012-06-22 02:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\AppData
[2012-06-21 21:17:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-06-17 14:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-12 19:48:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
[2012-07-12 19:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc544efd998702.job
[2012-07-12 11:51:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-12 11:51:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc544efd4614b4.job
[2012-07-12 11:51:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-12 11:50:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-12 11:49:43 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 07:19:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-07-10 20:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-07-08 11:45:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\CamShapes.ini
[2012-07-08 11:45:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\CamLayout.ini
[2012-07-08 11:45:53 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Camdata.ini
[2012-07-07 05:07:12 | 004,573,044 | R--- | M] (Swearware) -- C:\Documents and Settings\bon\Desktop\ComboFix.exe
[2012-07-07 05:00:50 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\bon\Desktop\TechSpot.URL
[2012-07-05 19:32:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-20 21:34:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-20 21:34:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012-06-19 09:22:09 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\bon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-16 21:57:33 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-06-16 21:57:33 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-08 11:45:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamShapes.ini
[2012-07-08 11:45:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamLayout.ini
[2012-07-08 11:45:53 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\Camdata.ini
[2012-07-07 05:00:50 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\bon\Desktop\TechSpot.URL
[2012-06-20 21:34:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-04 10:00:11 | 000,004,416 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamStudio.cfg
[2012-02-17 07:04:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-03-22 21:42:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-03-22 21:42:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-03-22 21:42:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-03-22 21:42:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-03-22 21:42:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-01-29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011-01-29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011-01-29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011-01-29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011-01-29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010-12-01 20:52:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010-12-01 20:37:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-10-03 14:19:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-10-02 15:39:54 | 000,000,045 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2010-09-28 10:31:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-09-27 15:11:48 | 000,104,658 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010-09-27 15:11:48 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010-09-27 15:05:16 | 000,104,265 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010-09-27 15:05:16 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010-09-18 11:30:04 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\bon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-04 20:29:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-03 13:01:52 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\bon\Local Settings\Application Data\fusioncache.dat
[2010-09-03 12:42:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-09-03 11:32:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-09-03 11:31:21 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-03 11:10:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-09-03 11:00:56 | 000,019,220 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2010-09-03 10:55:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010-09-03 10:54:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010-09-03 10:54:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010-09-03 10:49:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-09-03 10:43:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012-06-03 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012-06-21 13:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-09-03 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010-10-06 19:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2012-06-03 20:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2010-09-04 03:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011-02-27 19:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011-12-28 23:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012-06-03 19:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010-10-12 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011-08-13 10:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012-06-03 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012-07-01 10:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011-11-11 11:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Azureus
[2011-08-21 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Big Fish Games
[2012-06-03 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\DriverCure
[2012-06-03 19:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\ElevatedDiagnostics
[2012-07-01 11:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Friday's games
[2011-12-28 23:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\PlayFirst
[2011-08-13 10:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Samsung
[2012-06-03 19:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\SpeedMaxPc
[2010-10-05 20:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\SpinTop
[2011-10-19 03:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Unity
[2012-04-28 18:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\uTorrent

========== Purity Check ==========



< End of report >
 
OTL logfile created on: 12-07-2012 19:48:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\bon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MM-yyyy

991.48 Mb Total Physical Memory | 550.33 Mb Available Physical Memory | 55.51% Memory free
2.88 Gb Paging File | 2.46 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 41.43 Gb Free Space | 54.03% Space Free | Partition Type: NTFS

Computer Name: BONDOG-8E3D57A2 | User Name: bon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-12 19:48:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
PRC - [2012-06-14 23:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-01-31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012-01-31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-01-31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-01-31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-08-01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-10 22:54:17 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\bon\Local Settings\temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2012-06-17 09:41:15 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012-06-16 22:01:30 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012-06-16 22:01:06 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012-06-16 22:00:17 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012-06-16 21:59:30 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012-06-16 21:56:43 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012-06-14 23:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-05-12 08:08:40 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012-05-11 21:11:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012-05-11 21:08:55 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012-05-11 21:08:26 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012-05-11 08:15:53 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012-05-11 08:14:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012-05-11 08:11:53 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012-01-31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011-08-01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011-07-26 09:27:06 | 000,617,384 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011-07-26 09:27:06 | 000,424,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011-07-26 09:27:06 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011-07-26 09:27:06 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-06-16 18:34:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-01-31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-01-31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2004-03-18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012-01-31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-01-31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-09-16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010-12-30 10:41:56 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2010-12-30 10:41:56 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2010-12-30 10:41:56 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010-12-01 20:50:05 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-05-20 22:32:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006-07-27 16:37:04 | 000,030,336 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (iadusb)
DRV - [2004-08-30 10:36:24 | 000,637,713 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-02-24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-07-02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\bon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-01 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-01 11:17:28 | 000,000,000 | ---D | M]

[2012-06-03 19:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Extensions
[2012-07-10 20:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions
[2011-04-06 08:35:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-06-21 12:14:19 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012-03-30 07:36:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-06-04 09:16:13 | 000,000,000 | ---D | M] (CSHelper) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011-04-18 19:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\extensions\nostmp
[2012-06-21 12:14:04 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\mslqpcww.default\searchplugins\Search_Results.xml
[2012-07-10 20:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-10-29 06:56:07 | 000,434,392 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MSLQPCWW.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012-06-14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-02-26 18:14:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-06-14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-21 12:14:04 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012-06-14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\bon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\bon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-10 20:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Azada/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283514510468 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{185ADB32-30CD-4343-9FFF-A1A4CB18BAD7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Documents and Settings\All Users\Documents\My Music\Stardock\Object Desktop\IconPackager\iprepair.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\bon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-03 10:46:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-12 19:48:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
[2012-07-08 12:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bon\IECompatCache
[2012-07-07 05:06:41 | 004,573,044 | R--- | C] (Swearware) -- C:\Documents and Settings\bon\Desktop\ComboFix.exe
[2012-07-05 22:25:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bon\Start Menu\Programs\Administrative Tools
[2012-07-04 20:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\My Documents\Van Insurence Quote and Proof of no claims
[2012-07-01 11:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\Application Data\Friday's games
[2012-07-01 11:00:19 | 000,000,000 | ---D | C] -- C:\Zylom Games
[2012-07-01 10:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2012-07-01 10:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012-06-23 17:12:15 | 000,000,000 | ---D | C] -- C:\Doctor Who - The Gunpowder Plot
[2012-06-22 02:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bon\AppData
[2012-06-21 21:17:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-06-17 14:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-12 19:48:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bon\Desktop\OTL.exe
[2012-07-12 19:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc544efd998702.job
[2012-07-12 11:51:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-12 11:51:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc544efd4614b4.job
[2012-07-12 11:51:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-12 11:50:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-12 11:49:43 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 07:19:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-07-10 20:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-07-08 11:45:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\CamShapes.ini
[2012-07-08 11:45:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\CamLayout.ini
[2012-07-08 11:45:53 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Camdata.ini
[2012-07-07 05:07:12 | 004,573,044 | R--- | M] (Swearware) -- C:\Documents and Settings\bon\Desktop\ComboFix.exe
[2012-07-07 05:00:50 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\bon\Desktop\TechSpot.URL
[2012-07-05 19:32:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-20 21:34:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\bon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-20 21:34:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012-06-19 09:22:09 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\bon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-16 21:57:33 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-06-16 21:57:33 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-08 11:45:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamShapes.ini
[2012-07-08 11:45:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamLayout.ini
[2012-07-08 11:45:53 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\Camdata.ini
[2012-07-07 05:00:50 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\bon\Desktop\TechSpot.URL
[2012-06-20 21:34:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-04 10:00:11 | 000,004,416 | ---- | C] () -- C:\Documents and Settings\bon\Application Data\CamStudio.cfg
[2012-02-17 07:04:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-03-22 21:42:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-03-22 21:42:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-03-22 21:42:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-03-22 21:42:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-03-22 21:42:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-01-29 17:00:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011-01-29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011-01-29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011-01-29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011-01-29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010-12-01 20:52:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010-12-01 20:37:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-10-03 14:19:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-10-02 15:39:54 | 000,000,045 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2010-09-28 10:31:07 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-09-27 15:11:48 | 000,104,658 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010-09-27 15:11:48 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010-09-27 15:05:16 | 000,104,265 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010-09-27 15:05:16 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010-09-18 11:30:04 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\bon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-04 20:29:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-03 13:01:52 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\bon\Local Settings\Application Data\fusioncache.dat
[2010-09-03 12:42:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-09-03 11:32:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-09-03 11:31:21 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-03 11:10:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-09-03 11:00:56 | 000,019,220 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2010-09-03 10:55:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010-09-03 10:54:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010-09-03 10:54:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010-09-03 10:49:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-09-03 10:43:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012-06-03 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012-06-21 13:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-09-03 14:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010-10-06 19:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2012-06-03 20:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2010-09-04 03:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011-02-27 19:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011-12-28 23:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012-06-03 19:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010-10-12 13:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011-08-13 10:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012-06-03 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012-07-01 10:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011-11-11 11:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Azureus
[2011-08-21 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Big Fish Games
[2012-06-03 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\DriverCure
[2012-06-03 19:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\ElevatedDiagnostics
[2012-07-01 11:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Friday's games
[2011-12-28 23:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\PlayFirst
[2011-08-13 10:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Samsung
[2012-06-03 19:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\SpeedMaxPc
[2010-10-05 20:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\SpinTop
[2011-10-19 03:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\Unity
[2012-04-28 18:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bon\Application Data\uTorrent

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 12-07-2012 19:48:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\bon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MM-yyyy

991.48 Mb Total Physical Memory | 550.33 Mb Available Physical Memory | 55.51% Memory free
2.88 Gb Paging File | 2.46 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 41.43 Gb Free Space | 54.03% Space Free | Partition Type: NTFS

Computer Name: BONDOG-8E3D57A2 | User Name: bon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"45323:TCP" = 45323:TCP:*:Disabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F78B1A-964A-442C-BCE5-1FF4CBACAD90}" = ConstructionSkills
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"am-puzzlerworld" = Puzzler World
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"S3" = UniChrome IGP Driver and Utilities
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VLC media player" = VLC media player 1.1.9
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13-05-2011 12:46:58 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:16:25 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:17:09 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27-05-2011 00:47:10 | Computer Name = BONDOG-8E3D57A2 | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 03-06-2011 10:55:02 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:06 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application hpqgalry.exe, version 43.1.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:27 | Computer Name = BONDOG-8E3D57A2 | Source = Application Error | ID = 1000
Description = Faulting application hpqselsk.exe, version 43.1.5.0, faulting module
mscorwks.dll, version 1.1.4322.2470, fault address 0x00020a14.

Error - 28-06-2011 14:40:16 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-07-2011 10:46:55 | Computer Name = BONDOG-8E3D57A2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 24-07-2011 05:38:53 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 13-05-2011 12:46:58 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:16:25 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:17:09 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27-05-2011 00:47:10 | Computer Name = BONDOG-8E3D57A2 | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 03-06-2011 10:55:02 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:06 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application hpqgalry.exe, version 43.1.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:27 | Computer Name = BONDOG-8E3D57A2 | Source = Application Error | ID = 1000
Description = Faulting application hpqselsk.exe, version 43.1.5.0, faulting module
mscorwks.dll, version 1.1.4322.2470, fault address 0x00020a14.

Error - 28-06-2011 14:40:16 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-07-2011 10:46:55 | Computer Name = BONDOG-8E3D57A2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 24-07-2011 05:38:53 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10-07-2012 15:25:39 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:51:53 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:53:16 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 17:53:17 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12-07-2012 01:10:01 | Computer Name = BONDOG-8E3D57A2 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 12-07-2012 06:50:07 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

[ System Events ]
Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10-07-2012 15:25:39 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:51:53 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:53:16 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 17:53:17 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12-07-2012 01:10:01 | Computer Name = BONDOG-8E3D57A2 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 12-07-2012 06:50:07 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >
 
OTL Extras logfile created on: 12-07-2012 19:48:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\bon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd-MM-yyyy

991.48 Mb Total Physical Memory | 550.33 Mb Available Physical Memory | 55.51% Memory free
2.88 Gb Paging File | 2.46 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 41.43 Gb Free Space | 54.03% Space Free | Partition Type: NTFS

Computer Name: BONDOG-8E3D57A2 | User Name: bon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"45323:TCP" = 45323:TCP:*:Disabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18F78B1A-964A-442C-BCE5-1FF4CBACAD90}" = ConstructionSkills
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"am-puzzlerworld" = Puzzler World
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"S3" = UniChrome IGP Driver and Utilities
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VLC media player" = VLC media player 1.1.9
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13-05-2011 12:46:58 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:16:25 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:17:09 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27-05-2011 00:47:10 | Computer Name = BONDOG-8E3D57A2 | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 03-06-2011 10:55:02 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:06 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application hpqgalry.exe, version 43.1.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:27 | Computer Name = BONDOG-8E3D57A2 | Source = Application Error | ID = 1000
Description = Faulting application hpqselsk.exe, version 43.1.5.0, faulting module
mscorwks.dll, version 1.1.4322.2470, fault address 0x00020a14.

Error - 28-06-2011 14:40:16 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-07-2011 10:46:55 | Computer Name = BONDOG-8E3D57A2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 24-07-2011 05:38:53 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 13-05-2011 12:46:58 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:16:25 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-05-2011 12:17:09 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27-05-2011 00:47:10 | Computer Name = BONDOG-8E3D57A2 | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 03-06-2011 10:55:02 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:06 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application hpqgalry.exe, version 43.1.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10-06-2011 11:01:27 | Computer Name = BONDOG-8E3D57A2 | Source = Application Error | ID = 1000
Description = Faulting application hpqselsk.exe, version 43.1.5.0, faulting module
mscorwks.dll, version 1.1.4322.2470, fault address 0x00020a14.

Error - 28-06-2011 14:40:16 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-07-2011 10:46:55 | Computer Name = BONDOG-8E3D57A2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 24-07-2011 05:38:53 | Computer Name = BONDOG-8E3D57A2 | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 4.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10-07-2012 15:25:39 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:51:53 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:53:16 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 17:53:17 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12-07-2012 01:10:01 | Computer Name = BONDOG-8E3D57A2 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 12-07-2012 06:50:07 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

[ System Events ]
Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 14:56:45 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10-07-2012 15:25:39 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:51:53 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10-07-2012 17:53:16 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10-07-2012 17:53:17 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12-07-2012 01:10:01 | Computer Name = BONDOG-8E3D57A2 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 12-07-2012 06:50:07 | Computer Name = BONDOG-8E3D57A2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00508DA3E857 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12-07-2012 06:52:04 | Computer Name = BONDOG-8E3D57A2 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >
 
OTL logs are clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.3.300.257
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 08-07-2012
Ran by bon (administrator) on 15-07-2012 at 08:06:18
Running from "C:\Documents and Settings\bon\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1be6c59670196841822d5b49a2b731c3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 12:21:14
# local_time=2012-07-15 01:21:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 3645012 3645012 0 0
# compatibility_mode=8192 67108863 100 0 359 359 0 0
# scanned=54294
# found=11
# cleaned=11
# scan_time=10304
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll.vir a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP252\A0058554.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP252\A0058555.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP254\A0059373.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP254\A0059374.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP254\A0059375.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP265\A0068307.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP265\A0068309.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{3F2F9064-E5F5-45DD-BBAA-77BFA729225D}\RP265\A0068323.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

Thanks for all your help(y)
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Thanks for your reply and for all your help it was much appreciated
PC is running better than it has for ages (y)

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: bon
->Temp folder emptied: 171609 bytes
->Temporary Internet Files folder emptied: 2163220 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 54927112 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 819460 bytes

Total Files Cleaned = 55.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: bon
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: bon
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.54.0 log created on 07162012_095937

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Yes!!
p4193502.gif

Good luck and stay safe :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
390
trparky
T
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back