AVG update Failure

**theoldandgrey** · 22-02-2011

I run Windows 7 and AVG 2011 Free. Today the updates failed and I received an error message saying General Error. I have tried several times to re load but no go. I then did a system restore as I had installed Net Fusion but that did not make any difference. I then tried to repair - still no go. I tried to uninstall AVG Free but couldn't do that either Then after searching the web I found an AVG 11 removal tool. That I thought had worked but when I came to re-install I got an error message saying
0xC0070643
General Internal Error
Uninstallation failed
0C0076591
I have a feeling my pc is littered with useless AVG files which are probably not helping matters.

Please can someone shed some light on the problem. I am happy to change anti-Virus software although I have used AVG for 10 or more years with no problems before.

**broni** · 23-02-2011

Personally, I don't recommend AVG for some time.
I suggest, you go for one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: Avira AntiVir Personal - Free Antivirus

**theoldandgrey** · 23-02-2011

Thanks Broni I have been getting those vibes over the last couple of years but while AVG worked I didn't think a change was necessary. However I will change now but would like to clear my pc of all the rubbish left from AVG Please could you point me in the right direction of how to do this as it seems it hasn't completely uninstalled
Many thanks

**broni** · 23-02-2011

We can check, if any AVG leftovers are running.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

**theoldandgrey** · 23-02-2011

Thanksfor that advice I have managed to remove some AVG files enough to load Avira. I am now posting files as requested Unfortunately the file was too large and was rejected so I
am having to do it in separate post - I hope you will not be annoyed with me
OTL logfile created on: 2/23/2011 5:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Vivian\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 170.18 Gb Free Space | 73.11% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 100.00 Mb Total Space | 31.83 Mb Free Space | 31.83% Space Free | Partition Type: NTFS

Computer Name: VIVIAN-PC | User Name: Vivian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/23 17:07:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Vivian\Desktop\OTL.exe
PRC - [2011/02/17 21:34:58 | 001,509,176 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/02/17 21:34:58 | 000,821,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/02/08 12:55:04 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/02/08 12:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/27 17

38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 00:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.ex e
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/10/09 07:18:32 | 000,173,408 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
PRC - [2008/10/09 07:18:32 | 000,132,448 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
PRC - [2008/10/09 07:18:26 | 000,083,296 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
PRC - [2008/10/09 07:18:18 | 000,750,944 | ---- | M] ( ) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
PRC - [2007/08/25 01:03:20 | 000,185,664 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe
PRC - [2007/02/16 15:00:46 | 002,273,280 | ---- | M] (Philips) -- C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe
PRC - [2004/07/03 08:15:20 | 000,036,864 | ---- | M] () -- C:\Program Files\SEC\MagicTune3.6\GammaTray.exe
PRC - [2003/07/29 16:33:46 | 000,040,960 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\SMSC\SetIcon.exe
|

**theoldandgrey** · 23-02-2011

and the next bit
========== Modules (SafeList) ==========

MOD - [2011/02/23 17:07:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Vivian\Desktop\OTL.exe
MOD - [2010/08/21 05

32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420f e3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2011/02/17 21:34:58 | 000,821,048 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/02/08 12:54:57 | 001,405,384 | ---- | M] (Lavasoft Limited) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/02 04:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/22 23

24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/06/29 16:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/10/09 07:18:18 | 000,750,944 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe -- (AshampooDefragService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/17 21:44:22 | 000,055,224 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\baseline\RapportCerberus_23945.sys -- (RapportCerberus_23945)
DRV - [2011/02/17 21:35:06 | 000,157,752 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/02/17 21:35:06 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/02/17 21:35:06 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/02/04 14:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/22 23

24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/12 12:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/05/07 02:45:09 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/07 02:45:09 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/10/21 06:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (MagicTune)

========== Standard Registry (SafeList) ==========

**theoldandgrey** · 23-02-2011

nd hopefully the last of this one

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 D4 61 EE C6 CD CA 01 [binary data]
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\URLSearchHook: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TranslatorBar 5.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={s earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2642707&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1e7e4de1-5ef4-4baa-9250-c26258dc499a}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igea red: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 14:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 14:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 14:40:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/04 14:40:41 | 000,000,000 | ---D | M]

[2011/01/22 18:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Extensions
[2011/01/22 18:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Extensions \{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/23 17:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions
[2010/12/22 15:33:49 | 000,000,000 | ---D | M] (MapNeto 1 Toolbar) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions\{1e7e4de1-5ef4-4baa-9250-c26258dc499a}
[2011/02/23 17:05:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/02/02 15:50:28 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions\canitbecheaper@ trafficbroker.co.uk
[2010/12/22 15:33:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions\engine@conduit. com
[2010/11/06 15:10:21 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\extensions\toolbar@ask.com
[2010/08/27 14:59:42 | 000,000,937 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\searchplugins\conduit.xml
[2010/06/08 08:35:37 | 000,002,167 | ---- | M] () -- C:\Users\Vivian\AppData\Roaming\Mozilla\Firefox\Pr ofiles\rdrhvad1.default\searchplugins\inbox-search.xml
[2011/02/21 14:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/05 19:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 15:31:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/27 13:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 09:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 14:12:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\s wg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (InvisibleHand Extension) - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dl l (Forward)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} - No CLSID value found.
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SetIcon] C:\Program Files\SMSC\SetIcon.exe (Standard Microsystems Corp.)
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe (Philips)
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [RegistryBooster] File not found
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [UIWatcher] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Vivian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Password Safe.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: InvisibleHand - {A3D9E1A6-5D6F-40DE-AC2A-87BBF3508387} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dl l (Forward)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/...sticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} file:///E:/system/intralaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 12:04:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 17:07:13 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Vivian\Desktop\OTL.exe
[2011/02/23 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Avira
[2011/02/23 15:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/23 15:44:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/23 15:44:47 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/23 15:44:47 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/23 15:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/23 15:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/23 15:09:54 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Software Inspection Library
[2011/02/23 15:09:23 | 000,101,264 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BdInstHk.dll
[2011/02/23 14:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2011/02/22 14:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\NetObjects
[2011/02/21 14:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2011/02/21 14:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/21 14:12:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/21 14:12:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/21 14:12:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/20 18:27:21 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Xara
[2011/02/20 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\Xara
[2011/02/20 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\MAGIX
[2011/02/20 18:16:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011/02/20 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Xara
[2011/02/20 18:15:32 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll
[2011/02/20 18:15:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\MAGIX
[2011/02/20 17:51:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\XFMCache
[2011/02/20 17:51:08 | 000,880,697 | ---- | C] (Xara Ltd.) -- C:\Windows\System32\XaraDocG.dll
[2011/02/20 17:51:08 | 000,253,952 | ---- | C] (Xara Ltd) -- C:\Windows\System32\TemplOp.dll
[2011/02/20 17:51:08 | 000,143,360 | ---- | C] (Xara Ltd) -- C:\Windows\System32\TemplMan.dll
[2011/02/20 17:51:08 | 000,139,264 | ---- | C] (Xara Ltd) -- C:\Windows\System32\BmpImporter.dll
[2011/02/20 17:51:08 | 000,023,552 | ---- | C] (Xara Ltd.) -- C:\Windows\System32\XFontMan.dll
[2011/02/20 17:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Xara
[2011/02/20 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\CoffeeCup Software
[2011/02/20 17:16:08 | 000,000,000 | ---D | C] -- C:\Users\Vivian\Documents\CoffeeCup Software
[2011/02/20 17:16:01 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\Windows\System32\Ilda32.dll
[2011/02/20 17:16:01 | 000,018,944 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\BORLNDMM.DLL
[2011/02/20 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2011/02/19 14:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Friends Games
[2011/02/19 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\RootsMagic
[2011/02/19 13:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RootsMagic
[2011/02/18 14:12:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BlitPop
[2011/02/17 21:35:06 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/02/14 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Scribus 1.3.3.14
[2011/02/14 13:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.3.3.14
[2011/02/13 14:10:10 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/13 13:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\BROTHERSOFT
[2011/02/12 16:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2011/02/12 16:20:27 | 065,809,504 | ---- | C] (INTENIUM GmbH) -- C:\Users\Vivian\Desktop\BuildALot2.exe
[2011/02/10 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/02/10 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/02/10 16:37:06 | 001,005,960 | ---- | C] (WildTangent) -- C:\Users\Vivian\Desktop\Setup-bejeweled3-hpipg.exe
[2011/02/10 15:00:37 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\Ashisoft
[2011/02/09 15:48:29 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:48:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 15:48:23 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 15:48:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:48:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:48:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:48:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:48:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:48:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:48:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:48:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:48:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:48:05 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:48:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 15:48:00 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:48:00 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:47:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 15:47:39 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 15:47:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 15:47:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 15:47:32 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/06 15:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
[2011/02/06 15:46:57 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2011/02/06 15:46:57 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2011/02/06 15:46:57 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2011/02/06 15:46:56 | 000,000,000 | ---D | C] -- C:\Windows\BBStore
[2011/02/06 15

27 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Roaming\CyberMatrix
[2011/02/06 10:49:41 | 000,000,000 | ---D | C] -- C:\Users\Vivian\AppData\Local\XemiComputers
[2011/02/06 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\XemiComputers
[2011/02/05 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Vivian\Documents\Tisgrow 2010
[2011/02/02 18:29:04 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/02/02 18:29:04 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/02/02 18:29:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/02/02 18:28:32 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/02/02 18:27:40 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/02/02 18:27:39 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/12/20 15:48:49 | 000,872,448 | ---- | C] (NovodeX AG) -- C:\ProgramData\NxPhysics.dll
[2010/12/20 15:48:49 | 000,093,240 | ---- | C] (Un4seen Developments) -- C:\ProgramData\bass.dll

========== Files - Modified Within 30 Days ==========

[2011/02/23 17:35:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/23 17:07:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Vivian\Desktop\OTL.exe
[2011/02/23 16:58:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/23 16:00:03 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (schedule).job
[2011/02/23 16:00:03 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/23 15:45:13 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/23 15:28:58 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 15:28:58 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 15

13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/23 15:20:59 | 1559,633,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/23 15:19:45 | 000,038,138 | ---- | M] () -- C:\Windows\wininit.ini
[2011/02/23 15:08:05 | 000,101,264 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BdInstHk.dll
[2011/02/23 14:49:54 | 000,007,090 | ---- | M] () -- C:\Users\Public\Documents\@FinalDlg_default_logfil e_name
[2011/02/22 19:32:07 | 000,000,000 | ---- | M] () -- C:\Users\Vivian\AppData\Local\prvlcl.dat
[2011/02/21 13:29:14 | 106,720,276 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/21 10:15:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Alpha 2006.job
[2011/02/21 10:13:22 | 000,003,261 | ---- | M] () -- C:\Users\Public\Documents\My account.eml
[2011/02/21 10:10:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Alpha 2008.job
[2011/02/21 10:05:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Alpha 2009.job
[2011/02/21 10:00:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Alpha 2010.job
[2011/02/21 09:50:10 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Website 2010.job
[2011/02/21 09:24:02 | 106,652,153 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2011/02/21 08:45:10 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Tisbus Alpha 2007.job
[2011/02/21 08:42:02 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SyncBack Pictures.job
[2011/02/21 08:40:08 | 000,674,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/20 18:16:35 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Xara Web Designer.lnk
[2011/02/20 18:16:20 | 000,005,607 | ---- | M] () -- C:\Users\Vivian\Documents\whisper.wsp
[2011/02/20 18:15:33 | 000,006,211 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2011/02/20 18:07:22 | 000,181,844 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/19 15:13:39 | 001,331,200 | ---- | M] () -- C:\Users\Vivian\Documents\L.rmgc
[2011/02/19 14:12:08 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SCREENSEVEN GAME CENTER.lnk
[2011/02/19 08:38:10 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SyncBack Documents.job
[2011/02/17 21:35:06 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/02/14 13:55:11 | 000,001,000 | ---- | M] () -- C:\Users\Vivian\Desktop\Scribus 1.3.3.14.lnk
[2011/02/14 09:27:25 | 000,049,152 | ---- | M] () -- C:\Users\Vivian\Desktop\Agenda planning & interim matters 11 02 15 Tisbury.doc
[2011/02/12 16:20:55 | 065,809,504 | ---- | M] (INTENIUM GmbH) -- C:\Users\Vivian\Desktop\BuildALot2.exe
[2011/02/12 15:19:46 | 007,023,388 | ---- | M] () -- C:\Users\Vivian\Desktop\springnewsletter2011.pdf
[2011/02/10 17:57:39 | 000,002,264 | ---- | M] () -- C:\Users\Vivian\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2011/02/10 17:57:39 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/02/10 16:37:09 | 001,005,960 | ---- | M] (WildTangent) -- C:\Users\Vivian\Desktop\Setup-bejeweled3-hpipg.exe
[2011/02/09 17:40:45 | 000,000,327 | ---- | M] () -- C:\Users\Vivian\Desktop\HP Printer Diagnostic Tools.url
[2011/02/09 15:53:51 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Beetle Bug 2 (CD version).lnk
[2011/02/09 15:09:02 | 002,061,024 | ---- | M] () -- C:\Users\Vivian\Desktop\Guides0003.jpg
[2011/02/09 15:08:59 | 001,498,283 | ---- | M] () -- C:\Users\Vivian\Desktop\Guides0002.jpg
[2011/02/09 15:08:56 | 002,056,285 | ---- | M] () -- C:\Users\Vivian\Desktop\Guides0001.jpg
[2011/02/08 12:55:21 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/02/07 19:06:33 | 000,025,600 | ---- | M] () -- C:\Users\Vivian\Documents\Ted.doc
[2011/02/05 14:52:16 | 000,026,112 | ---- | M] () -- C:\Users\Vivian\Desktop\Carol.doc
[2011/02/03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/02 18:44:04 | 000,001,440 | ---- | M] () -- C:\Users\Vivian\Desktop\create a restore point.lnk
[2011/02/02 18:18:54 | 000,025,088 | ---- | M] () -- C:\Users\Vivian\Documents\Malcolm.doc
[2011/02/02 16:36:48 | 000,023,552 | ---- | M] () -- C:\Users\Vivian\Documents\carehomes.doc
[2011/02/02 14:13:29 | 000,024,064 | ---- | M] () -- C:\Users\Vivian\Desktop\club.xls
[2011/02/02 12:05:59 | 000,024,576 | ---- | M] () -- C:\Users\Vivian\Documents\club.xls
[2011/02/02 10:43:45 | 004,995,624 | ---- | M] () -- C:\Users\Vivian\Desktop\board.psd
[2011/02/02 10:43:17 | 000,623,690 | ---- | M] () -- C:\Users\Vivian\Desktop\board copy.jpg
[2011/02/01 17:00:34 | 000,030,208 | ---- | M] () -- C:\Users\Vivian\Documents\v'S COMPLIMENT SLIP.pub
[2011/01/27 15:42:23 | 000,019,456 | ---- | M] () -- C:\Users\Vivian\Desktop\TISBUS.doc

========== Files Created - No Company Name ==========

[2011/02/23 15:45:13 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/23 15:23:51 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (schedule).job
[2011/02/23 15:23:51 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/23 15:18:16 | 000,038,138 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/23 14:50:16 | 000,007,090 | ---- | C] () -- C:\Users\Public\Documents\@FinalDlg_default_logfil e_name
[2011/02/21 10:13:21 | 000,003,261 | ---- | C] () -- C:\Users\Public\Documents\My account.eml
[2011/02/20 18:16:35 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Xara Web Designer.lnk
[2011/02/20 18:16:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/02/20 18:15:32 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/02/19 13:51:57 | 001,331,200 | ---- | C] () -- C:\Users\Vivian\Documents\L.rmgc
[2011/02/15 09:43:53 | 025,161,546 | ---- | C] () -- C:\Users\Vivian\Documents\Doc1.rtf
[2011/02/15 09:43:53 | 000,393,728 | ---- | C] () -- C:\Users\Vivian\Documents\Mottisfont A4.pub
[2011/02/14 13:55:11 | 000,001,000 | ---- | C] () -- C:\Users\Vivian\Desktop\Scribus 1.3.3.14.lnk
[2011/02/14 09:27:23 | 000,049,152 | ---- | C] () -- C:\Users\Vivian\Desktop\Agenda planning & interim matters 11 02 15 Tisbury.doc
[2011/02/12 14:11:57 | 007,023,388 | ---- | C] () -- C:\Users\Vivian\Desktop\springnewsletter2011.pdf
[2011/02/10 17:57:39 | 000,002,264 | ---- | C] () -- C:\Users\Vivian\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk
[2011/02/10 17:57:39 | 000,002,232 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/02/09 17:40:45 | 000,000,327 | ---- | C] () -- C:\Users\Vivian\Desktop\HP Printer Diagnostic Tools.url
[2011/02/09 15:53:51 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Beetle Bug 2 (CD version).lnk
[2011/02/09 15:09:02 | 002,061,024 | ---- | C] () -- C:\Users\Vivian\Desktop\Guides0003.jpg
[2011/02/09 15:09:02 | 002,056,285 | ---- | C] () -- C:\Users\Vivian\Desktop\Guides0001.jpg
[2011/02/09 15:09:02 | 001,498,283 | ---- | C] () -- C:\Users\Vivian\Desktop\Guides0002.jpg
[2011/02/07 19:06:32 | 000,025,600 | ---- | C] () -- C:\Users\Vivian\Documents\Ted.doc
[2011/02/05 15:42:00 | 000,024,064 | ---- | C] () -- C:\Users\Public\Documents\HELP THE AGED SUPPORT FOR TISBUS.doc
[2011/02/05 15:41:12 | 000,062,289 | ---- | C] () -- C:\Users\Public\Documents\Microsoft Word - Tisbus Minutes 31 January 2008.pdf
[2011/02/05 14:36:03 | 000,026,112 | ---- | C] () -- C:\Users\Vivian\Desktop\Carol.doc
[2011/02/02 18:40:02 | 000,001,440 | ---- | C] () -- C:\Users\Vivian\Desktop\create a restore point.lnk
[2011/02/02 18:30:22 | 000,001,364 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/02/02 18:18:52 | 000,025,088 | ---- | C] () -- C:\Users\Vivian\Documents\Malcolm.doc
[2011/02/02 16:36:47 | 000,023,552 | ---- | C] () -- C:\Users\Vivian\Documents\carehomes.doc
[2011/02/02 12:06:16 | 000,024,064 | ---- | C] () -- C:\Users\Vivian\Desktop\club.xls
[2011/02/02 12:05:59 | 000,024,576 | ---- | C] () -- C:\Users\Vivian\Documents\club.xls
[2011/02/02 10:43:45 | 004,995,624 | ---- | C] () -- C:\Users\Vivian\Desktop\board.psd
[2011/02/02 10:42:07 | 000,623,690 | ---- | C] () -- C:\Users\Vivian\Desktop\board copy.jpg
[2011/02/01 16:57:08 | 000,030,208 | ---- | C] () -- C:\Users\Vivian\Documents\v'S COMPLIMENT SLIP.pub
[2011/01/27 15:42:22 | 000,019,456 | ---- | C] () -- C:\Users\Vivian\Desktop\TISBUS.doc
[2011/01/18 18:10:05 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2011/01/12 16:31:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc
[2010/12/20 15:48:49 | 004,952,064 | ---- | C] () -- C:\ProgramData\game.dll
[2010/12/20 15:48:49 | 000,471,040 | ---- | C] () -- C:\ProgramData\NxCooking.dll
[2010/12/20 15:48:49 | 000,438,272 | ---- | C] () -- C:\ProgramData\Hyperballoid2_og.exe
[2010/11/18 14:14:02 | 000,000,009 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/07/14 16

23 | 000,000,000 | ---- | C] () -- C:\Users\Vivian\AppData\Local\prvlcl.dat
[2010/06/17 18:31:53 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2010/04/29 12:47:52 | 000,007,605 | ---- | C] () -- C:\Users\Vivian\AppData\Local\Resmon.ResmonCfg
[2010/04/28 15:52:58 | 000,013,396 | ---- | C] () -- C:\Windows\System32\drivers\MTiCtwl.sys
[2010/04/14 19:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/04/02 13:17:51 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/03/28 11:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PretzelSpellCheck.dll
[2010/03/28 11:02:35 | 000,745,472 | ---- | C] () -- C:\Windows\System32\PMAppBuilder.dll
[2010/03/28 11:02:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PMovieServer.dll
[2010/03/27 18:39:44 | 000,009,654 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/27 17:34:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2003/10/16 17:02:58 | 000,000,600 | ---- | C] () -- C:\Windows\System32\smsc.ini
[2003/10/15 10:45:12 | 000,000,233 | ---- | C] () -- C:\Windows\SwapDrvr223A.ini
[2003/09/16 18:31:32 | 000,000,233 | ---- | C] () -- C:\Windows\SwapDrvrSP3.ini
[2003/09/16 18:31:10 | 000,000,233 | ---- | C] () -- C:\Windows\SwapDrvrSP2.ini
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 08:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 764 bytes -> C:\Users\Public\Documents\Supplier contracts.eml:OECustomProperty
@Alternate Data Stream - 676 bytes -> C:\Users\Public\Documents\My account.eml:OECustomProperty
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CB1E0D3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP

FC5A2B2

< End of report >

**theoldandgrey** · 23-02-2011

and here is the extra

TL Extras logfile created on: 2/23/2011 5:40:22 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Vivian\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 170.18 Gb Free Space | 73.11% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 100.00 Mb Total Space | 31.83 Mb Free Space | 31.83% Space Free | Partition Type: NTFS

Computer Name: VIVIAN-PC | User Name: Vivian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

[HKEY_USERS\S-1-5-21-2972275941-2608904226-991051092-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B0BA7AA-10BE-432D-92AF-577D5A8E595E}" = InvisibleHand
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55D6B4DA-50E9-47AF-99C1-9A8E3A234763}" = Greeting Card Factory Deluxe 7.0
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86391634-A94B-4355-8397-3D85C2F942DA}" = SP45575 - Wallpaper Picture Position Enabler for Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}" = PrintMaster
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9030F5D8-76F0-483A-9571-8BE0831FD8A9}" = Xara Webstyle 3.0
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}" = Whisper 32
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}" = USB 2.0 Card Reader
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F631F1BE-00B0-49CF-8DFB-9885975B27CD}" = C6200
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azteca" = Azteca
"Beetle Bug 2 (CD version)" = Beetle Bug 2 (CD version)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Google Updater" = Google Updater
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Photo Manager_is1" = Philips Photo Manager 1.1
"PrintMaster 8.0" = PrintMaster® Home Deluxe 8.0
"QuickTime" = QuickTime
"Rapport_msi" = Rapport
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.91
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shop for HP Supplies" = Shop for HP Supplies
"SimpleOCR 3.1" = SimpleOCR 3.1
"SyncBack_is1" = SyncBack
"SystemRequirementsLab" = System Requirements Lab
"Terrapin FTP" = Terrapin FTP
"UKGplayer" = SCREENSEVEN GAME CENTER
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-457c9455-4834-409a-98eb-169961f3567d" = Bejeweled 3
"WTA-57aa8381-cd14-4bda-9bce-ee57fe7dd625" = Mystery of Mortlake Mansion
"WTA-f1970b76-cb15-49c7-b3ee-b1fd3731c4da" = Alexandra Fortune - Mystery of the Lunar Archipelago
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

**broni** · 23-02-2011

There are still some AVG leftovers, so we'll get rid of them, along with some other garbage....

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igea red: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} - No CLSID value found.
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - File not found
O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [ISW] File not found
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [RegistryBooster] File not found
O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [UIWatcher] File not found
O4 - Startup: C:\Users\Vivian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Password Safe.lnk = File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
[2011/02/21 13:29:14 | 106,720,276 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/21 09:24:02 | 106,652,153 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2011/02/20 18:07:22 | 000,181,844 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
@Alternate Data Stream - 764 bytes -> C:\Users\Public\Documents\Supplier contracts.eml:OECustomProperty
@Alternate Data Stream - 676 bytes -> C:\Users\Public\Documents\My account.eml:OECustomProperty
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CB1E0D3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" =-
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

**theoldandgrey** · 24-02-2011

Thanks for that here is the next one:

All processes killed
Error: Unable to interpret <:OTL SRV - File not found [Auto | Stopped] -- -- (avgwd) SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent) SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service) DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx> in the current context!
Error: Unable to interpret <86.sys -- (Avgrkx86) DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igea red: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared> in the current context!
Error: Unable to interpret <O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AVG_TRAY] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ISW] File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [RegistryBooster] File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-2972275941-2608904226-991051092-1001..\Run: [UIWatcher] File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\Vivian\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Password Safe.lnk = File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found> in the current context!
Error: Unable to interpret <[2011/02/21 13:29:14 | 106,720,276 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm> in the current context!
Error: Unable to interpret <[2011/02/21 09:24:02 | 106,652,153 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old> in the current context!
Error: Unable to interpret <[2011/02/20 18:07:22 | 000,181,844 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 764 bytes -> C:\Users\Public\Documents\Supplier contracts.eml:OECustomProperty> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 676 bytes -> C:\Users\Public\Documents\My account.eml:OECustomProperty> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CB1E0D3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63238B95> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1CE11B51> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP

FC5A2B2> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vivian
->Temp folder emptied: 114398201 bytes
->Temporary Internet Files folder emptied: 785319264 bytes
->Java cache emptied: 3499224 bytes
->FireFox cache emptied: 81306941 bytes
->Google Chrome cache emptied: 7901117 bytes
->Flash cache emptied: 112119 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1417476423 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1306124187 bytes

Total Files Cleaned = 3,544.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Vivian
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.21.0 log created on 02242011_084126

Files\Folders moved on Reboot...
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Virtualized\C\Users\Vivian\AppData\Roaming\T rusteer\Rapport\user\logs\koan.5804.log moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5\YRVS68ZZ\like[9].htm moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5\SIJQ4VED\69882-avg-update-failure[1].html moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5\RSHZ20DR\;ord=1621891687[1].htm moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5\R8AMYGWL\xd_proxy[1].htm moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5\OCVDBKAB\;ord=1621841219[1].htm moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Vivian\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

AVG update Failure

AVG update Failure

Similar Threads

run.dll IE failure

Display failure followed by start up failure

qt-mt.dll failure

RAM Failure

NIC Failure