r0n5ter

  1. Hi Maniac, Not seeing any more traces of it, thanks. I think uninstalling the other toolbars may have cleared the "It's dead, Jim" screen which was displayed when I used task manager to close the Chrome window. Thanks for all your help (and explanations). Regards Ronnie
  2. ...and the Extras file...
  3. Hi Maniac, As requested (sorry about the delay - been away from my machine for a couple of days...) Cheers Ronnie
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies 
CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011/05/16 15:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/15 04:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/24 01:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/02/09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt) DRV:64bit: - [2008/02/01 16:43:34 | 000,146,728 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2) DRV:64bit: - [2007/10/11 14:45:54 | 000,186,496 | ---- | M] (Guillemont Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDvidvx.sys -- (AKDWC20ET) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 0A 8E 2E 4E 47 CD 01 [binary data] IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C8289A1D-B4A5-41A2-9807-8DF5DEEE7D65}&mid=b82110df98ab47d0a33b854de0cf39bc-c0a06aa3f791477abc518b54c50504d0d7fb3104&lang=en&ds=AVG&pr=pr&d=2012-05-25 19:36:04&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 
0 IE - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ronnie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ronnie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 19:14:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/25 19:35:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/12 18:22:26 | 000,000,000 | ---D | M] [2012/06/10 21:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronnie\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions [2012/06/10 21:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Gmail = C:\Users\Ronnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 
000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3:64bit: - HKU\S-1-5-21-1320612923-930342160-3983958577-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CamserviceDP] C:\Program Files (x86)\Hercules\Hercules DualPix HD Webcam\x64\Camservice.exe /startup File not found O4:64bit: - HKLM..\Run: [CamserviceHD] C:\Program Files (x86)\Hercules\Dualpix HD\XtrCtrlEx.exe (Guillemot Corporation S.A.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe (Support.com, Inc.) 
O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKU\S-1-5-21-1320612923-930342160-3983958577-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3D6C97-2682-4DE3-97E8-3AC02545D471}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value 
found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/15 06:49:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ronnie\Desktop\OTL.exe [2012/06/14 18:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/06/14 18:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/06/12 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2012/06/12 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Nero [2012/06/11 19:41:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ronnie\Desktop\dds.com [2012/06/11 19:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/06/11 07:23:07 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/11 06:46:21 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Sammsoft [2012/06/11 
06:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012 [2012/06/11 06:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2012 [2012/06/11 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\APN [2012/06/11 06:24:14 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Diagnostics [2012/06/10 21:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/06/10 21:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/06/10 21:35:00 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Mozilla [2012/06/10 21:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012/06/10 10:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{7E85AD60-388E-4D76-BAF3-9D76BC0D6698} [2012/06/10 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{AF7F9283-C2FF-4A1B-B9D0-B8D50E075486} [2012/06/10 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\{A557262F-F943-4070-B6D9-DD9EDDE6CB41} [2012/06/07 10:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/05/29 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Temp [2012/05/29 19:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/05/28 22:47:58 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\My Received Files [2012/05/28 22:38:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/05/28 22:34:15 | 000,589,824 | ---- | C] (Guillemot Corporation S.A.) 
  4. Hi, I recently downloaded some software which included the MyStart Incredibar toolbar & I am now unable to get rid of it. I've managed to stop it popping up in IE and Chrome but suspect that it is still lurking in the background & I want to make sure I'm not leaving myself open to attack. I've tried running TDSS Killer but it failed to find any threats - I'm just not convinced I know enough about this to be sure I'm OK... Any help would be appreciated. Thanks r0nster Attach.txt DDS.txt