WiredWX Hobby Weather ToolsLog in

 


OTL Logs as requested!

2 posters

descriptionOTL Logs as requested! EmptyOTL Logs as requested!25th May 2011, 1:16 am

more_horiz
Hi,

Im hoping someone can help me out Let me think

My system was running fine up until about a week ago, ive been running Avg free 2011 antivirus the past few months without a hitch then the other day for some reason its totally crashed, i cant remove it from my laptop and everytime i try to use my web browser, it takes extra long to load only to be told my Avg plugin is non responsive.

I needed some sort of antivirus and found Comodo, which seems to be fine.

Anyways, heres the logs as requested:

Otl.txt
OTL logfile created on: 25/05/2011 01:54:41 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 61.86% Memory free
3.81 Gb Paging File | 3.07 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.53 Gb Free Space | 56.71% Space Free | Partition Type: NTFS

Computer Name: TRANSMISSION | User Name: Jonathan Medlar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 01:44:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads\OTL.com
PRC - [2011/05/20 06:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/19 13:53:48 | 000,983,480 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/17 15:34:00 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 01:44:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads\OTL.com
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SSHNAS)
SRV - File not found [Auto | Running] -- -- (ShellHWDetection)
SRV - File not found [Auto | Stopped] -- -- (ResultUrl Service)
SRV - File not found [Auto | Running] -- -- (RemoteAccess)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Running] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/09 16:13:02 | 000,234,728 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/06/01 15:07:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/05/22 15:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008/06/26 07:26:36 | 000,335,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/03/26 19:37:26 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/17 15:38:00 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/17 12:27:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [Mobile Partner] File not found
O4 - Startup: C:\Documents and Settings\Jonathan Medlar\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/31 12:26:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0766a36e-f455-11df-998d-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{0766a36e-f455-11df-998d-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0766a36e-f455-11df-998d-0025d397006f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c23d908-3c5e-11e0-9a4d-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{4c23d908-3c5e-11e0-9a4d-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c23d908-3c5e-11e0-9a4d-0025d397006f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c23d90b-3c5e-11e0-9a4d-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{4c23d90b-3c5e-11e0-9a4d-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c23d90b-3c5e-11e0-9a4d-0025d397006f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ed2e870-f66c-11df-9994-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed2e870-f66c-11df-9994-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ed2e870-f66c-11df-9994-0025d397006f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7346a7fa-7beb-11e0-9afb-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{7346a7fa-7beb-11e0-9afb-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7346a7fa-7beb-11e0-9afb-0025d397006f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8bbad068-f4a0-11df-998e-0025d397006f}\Shell - "" = AutoRun
O33 - MountPoints2\{8bbad068-f4a0-11df-998e-0025d397006f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8bbad068-f4a0-11df-998e-0025d397006f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a0c950e6-e4fc-11df-9958-9371bc75c1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{a0c950e6-e4fc-11df-9958-9371bc75c1fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0c950e6-e4fc-11df-9958-9371bc75c1fc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a0c950ea-e4fc-11df-9958-9371bc75c1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{a0c950ea-e4fc-11df-9958-9371bc75c1fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0c950ea-e4fc-11df-9958-9371bc75c1fc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 20:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Medlar\Application Data\FDRLab
[2011/05/21 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2011/05/21 18:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/19 02:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2011/05/19 02:29:10 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/05/19 02:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/05/19 02:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/05/19 02:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/05/19 02:24:44 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/05/18 23:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Medlar\Application Data\wargaming.net
[2011/05/18 23:43:49 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/05/18 23:43:49 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/05/18 23:43:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/05/18 23:43:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/05/18 23:43:48 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/05/18 23:43:47 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/05/18 23:43:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/05/18 23:43:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/05/18 23:43:45 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/05/18 23:43:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/05/18 23:43:44 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/05/18 23:43:44 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/05/18 23:43:43 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/05/18 23:43:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/05/18 23:43:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/05/18 23:43:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/05/18 23:43:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/05/18 23:43:39 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/05/18 23:43:38 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/05/18 23:43:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/05/18 23:43:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/05/18 23:43:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/05/18 23:43:36 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/05/18 23:43:36 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/05/18 23:43:35 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/05/18 23:43:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/05/18 23:43:34 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/05/18 23:43:33 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/05/18 23:43:32 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/05/18 23:43:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/05/18 23:43:32 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/05/18 23:43:31 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/05/18 23:43:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/05/18 23:43:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/05/18 23:43:29 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/05/18 23:43:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/05/18 23:43:29 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/05/18 23:43:28 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/05/18 23:43:27 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/05/18 23:43:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/05/18 23:43:27 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/05/18 23:43:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/05/18 23:43:25 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/05/18 23:43:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/05/18 23:43:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/05/18 23:43:24 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/05/18 23:43:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/05/18 23:43:22 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/05/18 23:43:22 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/05/18 23:43:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/05/18 23:43:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/05/18 23:43:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/05/18 23:43:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/05/18 23:43:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/05/18 23:43:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/05/18 23:43:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/05/18 23:43:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/05/18 23:43:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/05/18 23:43:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/05/18 23:43:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/05/18 23:43:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/05/18 23:43:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/05/18 23:43:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/05/18 23:43:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/05/18 23:43:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/05/18 23:43:11 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/05/18 23:43:08 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/05/18 23:43:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/05/18 23:43:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/05/18 23:43:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/05/18 23:43:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/05/18 23:43:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/05/18 23:43:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/05/18 23:43:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/05/18 23:42:59 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/05/18 23:42:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/05/18 23:42:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/05/18 23:42:58 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/05/18 23:42:57 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/05/18 23:42:57 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/05/18 23:42:47 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/05/18 23:42:46 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/05/18 23:42:46 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/05/18 23:42:46 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/05/18 23:42:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/05/18 23:42:45 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/05/18 23:42:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/05/18 23:42:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/05/18 23:42:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/05/18 23:42:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/05/18 23:42:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/05/18 23:31:20 | 000,000,000 | ---D | C] -- C:\Games
[2011/05/18 23:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/05/18 03:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Medlar\Application Data\WinPump
[2011/05/15 20:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\WinZip
[2011/05/07 16:17:56 | 000,097,504 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/06 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/02 20:36:54 | 000,029,400 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/10/31 22:01:47 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 01:51:56 | 000,685,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/05/25 01:47:30 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B93CE90A-D7A9-476B-8EDF-5209219C1553}.job
[2011/05/25 01:47:00 | 000,000,266 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/05/25 01:32:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-746137067-839522115-1004UA.job
[2011/05/25 01:07:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/24 19:18:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 02:32:04 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-746137067-839522115-1004Core.job
[2011/05/23 21:25:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2011/05/22 02:36:38 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Grieve Logger Public V3.lnk
[2011/05/22 02:36:34 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Warcraft III.lnk
[2011/05/22 02:36:28 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Frozen Throne.lnk
[2011/05/22 02:36:23 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II Demo.lnk
[2011/05/22 02:36:18 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/05/22 02:36:14 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/05/22 02:36:09 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO Antivirus.lnk
[2011/05/22 02:36:04 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\uPlayer.lnk
[2011/05/22 02:35:53 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Broadband to go.lnk
[2011/05/22 02:35:48 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.lnk
[2011/05/22 02:35:42 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Recycle Bin.lnk
[2011/05/22 02:35:38 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to My Computer.lnk
[2011/05/22 02:35:32 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to My Documents.lnk
[2011/05/22 02:35:10 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip.lnk
[2011/05/22 02:34:39 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/05/22 02:34:33 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/05/22 02:34:23 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\YouTube Downloader.lnk
[2011/05/21 19:45:46 | 007,467,008 | ---- | M] () -- C:\bootimg.iso
[2011/05/19 02:24:44 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/05/17 12:26:53 | 115,220,127 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/16 22:20:06 | 115,185,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/05/09 12:42:34 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/08 18:12:43 | 000,152,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/03 01:34:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/04/28 12:37:29 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 23:55:01 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/26 18:14:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/26 18:13:24 | 000,499,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/26 18:13:24 | 000,088,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 02:36:38 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Grieve Logger Public V3.lnk
[2011/05/22 02:36:34 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Warcraft III.lnk
[2011/05/22 02:36:28 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Frozen Throne.lnk
[2011/05/22 02:36:23 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II Demo.lnk
[2011/05/22 02:36:18 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/05/22 02:36:14 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/05/22 02:36:09 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO Antivirus.lnk
[2011/05/22 02:36:04 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\uPlayer.lnk
[2011/05/22 02:35:53 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Broadband to go.lnk
[2011/05/22 02:35:48 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.lnk
[2011/05/22 02:35:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Recycle Bin.lnk
[2011/05/22 02:35:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to My Computer.lnk
[2011/05/22 02:35:32 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to My Documents.lnk
[2011/05/22 02:35:10 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip.lnk
[2011/05/22 02:34:39 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/05/22 02:34:33 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/05/22 02:34:23 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\Microsoft\Internet Explorer\Quick Launch\YouTube Downloader.lnk
[2011/05/21 19:45:46 | 007,467,008 | ---- | C] () -- C:\bootimg.iso
[2011/05/19 02:28:13 | 000,685,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/03/22 19:29:30 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/17 22:43:04 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 00:33:07 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/11/08 21:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2010/11/08 04:23:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jonathan Medlar\Application Data\avdrn.dat
[2010/11/05 04:40:07 | 000,742,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/31 22:01:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/10/31 21:47:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/31 16:53:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/31 14:03:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/10/31 13:14:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/31 13:14:29 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/10/31 13:14:29 | 000,134,592 | ---- | C] () -- C:\WINDOWS\System32\igfcg500.bin
[2010/10/31 13:14:29 | 000,092,216 | ---- | C] () -- C:\WINDOWS\System32\igfcg500m.bin
[2010/10/31 13:14:28 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/10/31 13:13:09 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/31 13:09:46 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/31 12:27:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 12:23:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,499,208 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,088,252 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C671BC00

< End of report >



Extras.txt


OTL Extras logfile created on: 25/05/2011 01:54:41 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 61.86% Memory free
3.81 Gb Paging File | 3.07 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.53 Gb Free Space | 56.71% Space Free | Partition Type: NTFS

Computer Name: TRANSMISSION | User Name: Jonathan Medlar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Documents\World of Warcraft\Launcher.exe" = C:\Documents and Settings\All Users\Documents\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Documents\World of Warcraft\Blizzard Downloader.exe" = C:\Documents and Settings\All Users\Documents\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Documents\World of Warcraft\Launcher.patch.exe" = C:\Documents and Settings\All Users\Documents\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\All Users\Documents\Warcraft3\Warcraft III\Warcraft III.exe" = C:\Documents and Settings\All Users\Documents\Warcraft3\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads\AviConverterSetup.exe" = C:\Documents and Settings\Jonathan Medlar\My Documents\Downloads\AviConverterSetup.exe:*:Enabled:InstallCore™️
"C:\Documents and Settings\All Users\Documents\World of Warcraft\BackgroundDownloader.exe" = C:\Documents and Settings\All Users\Documents\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Jonathan Medlar\My Documents\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\empires2.exe" = C:\Documents and Settings\Jonathan Medlar\My Documents\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\Jonathan Medlar\My Documents\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe" = C:\Documents and Settings\Jonathan Medlar\My Documents\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Documents and Settings\Jonathan Medlar\Local Settings\Apps\2.0\Y74YMV5R.HMR\O0CY5ME5.WC9\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Jonathan Medlar\Local Settings\Apps\2.0\Y74YMV5R.HMR\O0CY5ME5.WC9\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{950EAC71-467B-4312-8AB5-E221C020B3C8}" = biob
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FDF13CE2-BCBB-4EAC-953A-C87051746ED0}" = 2936
"Ace DivX Player_is1" = Ace DivX Player v2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Broadband to go" = Broadband to go
"conduitEngine" = Conduit Engine
"eMobile Broadband Wireless Hub" = eMobile Broadband Wireless Hub
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"SMSERIAL" = Motorola SM56 Data Fax Modem
"StarCraft II Demo" = StarCraft II Demo
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/05/2011 10:39:05 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 14:23:26 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 14:27:27 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 16:28:46 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 18:23:00 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 20:09:51 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 20:29:48 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 20:37:12 | Computer Name = TRANSMISSION | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 24/05/2011 20:53:50 | Computer Name = TRANSMISSION | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.23.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 24/05/2011 06:48:32 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 24/05/2011 06:48:32 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3221684350
(0xC007007E).

Error - 24/05/2011 06:48:32 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 24/05/2011 14:18:23 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 24/05/2011 14:18:23 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error 3221684350
(0xC007007E).

Error - 24/05/2011 14:18:23 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 24/05/2011 14:20:21 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 24/05/2011 14:20:51 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 24/05/2011 14:21:21 | Computer Name = TRANSMISSION | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 24/05/2011 18:21:59 | Computer Name = TRANSMISSION | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.11 on
the Network Card with network address 0025D397006F.


< End of report >


ASWMbr:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-25 02:07:33
-----------------------------
02:07:33.906 OS Version: Windows 5.1.2600 Service Pack 3
02:07:33.906 Number of processors: 1 586 0x170A
02:07:33.906 ComputerName: TRANSMISSION UserName:
02:08:00.453 Initialize success
02:08:13.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:08:13.046 Disk 0 Vendor: WDC_WD1600BEVT-00A23T0 01.01A01 Size: 152627MB BusType: 3
02:08:15.078 Disk 0 MBR read successfully
02:08:15.078 Disk 0 MBR scan
02:08:15.078 Disk 0 Windows XP default MBR code
02:08:17.078 Disk 0 scanning sectors +312560640
02:08:17.109 Disk 0 scanning C:\WINDOWS\system32\drivers
02:08:24.734 Service scanning
02:08:25.984 Disk 0 trace - called modules:
02:08:25.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:08:25.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a66fab8]
02:08:25.984 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c0b00]
02:08:26.000 Scan finished successfully
02:08:54.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jonathan Medlar\Desktop\MBR.dat"
02:08:54.078 The log file has been saved successfully to "C:\Documents and Settings\Jonathan Medlar\Desktop\aswMBR.txt"


Checkup.txt:
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgrsx.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````


Hope this is all you guys need Afraid

Thanks in advance Cheers Mate

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!25th May 2011, 10:36 am

more_horiz
Scan for malware

OTL Logs as requested! Bf_new Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!25th May 2011, 1:05 pm

more_horiz
Cheers Dragonmaster Jay for the quick response, after i posted last night i tried using the avg removal tool i found on site here but that still hasnt removed the non responsive avg plugin?

Anyways heres the result of the Mwb Scn:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/05/2011 13:57:41
mbam-log-2011-05-25 (13-57-41).txt

Scan type: Quick scan
Objects scanned: 150836
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!25th May 2011, 6:17 pm

more_horiz
That is not a complete MBAM log.

Please open Malwarebytes' Anti-Malware program, click on the Logs tab, and choose the latest log. Click on Open...and post the full log in your next reply.

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!25th May 2011, 11:14 pm

more_horiz
Sorry my bad DragonMaster,



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/05/2011 13:57:41
mbam-log-2011-05-25 (13-57-41).txt

Scan type: Quick scan
Objects scanned: 150836
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RESULTURL (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTURL_SERVICE (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultUrl Service (PUP.Zwangi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultUrl\ShowBarSign (PUP.Zwangi) -> Value: ShowBarSign -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\jonathan medlar\my documents\downloads\lexus is200 haynes manual torrent final.exe (Trojan.BTMananger.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jonathan medlar\my documents\downloads\lexus is200 haynes manual torrent [full].exe (Trojan.BTMananger.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jonathan medlar\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\documents and settings\jonathan medlar\my documents\downloads\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!26th May 2011, 2:21 pm

more_horiz
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!26th May 2011, 4:17 pm

more_horiz


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f1f7bfa9fd01bb489ac8aad9cffd3ec9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-26 04:02:48
# local_time=2011-05-26 05:02:48 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777214 0 1 132501 132501 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777173 80 75 11335 2058453 0 0
# compatibility_mode=8192 67108863 100 0 160 160 0 0
# scanned=52150
# found=4
# cleaned=4
# scan_time=2394
C:\Documents and Settings\Jonathan Medlar\Local Settings\Temp\Download.exe Win32/Adware.WinPump.K application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jonathan Medlar\Local Settings\Temp\ish1474277039\defaultOffer\offer_code.txt Win32/Toolbar.Facemoods application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jonathan Medlar\Local Settings\Temp\ish1474277039\defaultOffer\offer_html.txt Win32/Toolbar.Facemoods application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-583907252-746137067-839522115-1004\Dc97.exe a variant of MSIL/Spy.Keylogger.BE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


There ya go! Smile...

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!27th May 2011, 5:40 am

more_horiz
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!27th May 2011, 6:13 pm

more_horiz
Ok cheers Dragonmaster, the only thing is the slowness when i open up chrome, it takes up to 30 or 40 seconds to initiate, and then i get the error message at the top of the browser telling me that the avg plugin has crashed.

Ive tried removing it, using both 'remove programme' and 'avg remover tool' and im still getting the message.

Otherwise, everything seems to be as normal tbh.

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!28th May 2011, 3:50 am

more_horiz
Please visit this webpage for instructions for downloading and running SUPERAntiSpyware to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

descriptionOTL Logs as requested! EmptyRe: OTL Logs as requested!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum