Computer infected

[andye]

Hi Bill, the trip was pretty good thanks.

I have downloaded and run MalwareBytes as asked, it worked perfectly from that link. Here is the resulting report as requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5950

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/03/2011 11:47:36
mbam-log-2011-03-04 (11-47-36).txt

Scan type: Quick scan
Objects scanned: 163672
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Andy\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


Regards

Andy

[redcar92]

Greetings andye,

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Thanks,
Bill
In Training at WTT Classroom

[redcar92]

Hello andye,
Do you still need assistance?
Thanks,
Bill
In Training at WTT Classroom

[andye]

Hi Bill, I very much appreciate your assistance and patience. Sorry for not getting back sooner but I had to go on a little mission to rescue a broken aeroplane. Thats what I do as a job and it gets in the way of things quite often due to the very short notice with which I am often required to fly to far flung places where our planes end up when things go wrong.

I have done the OTL scans and here are the results:

OTL logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - F:\Program Files\ReGet Software\ReGet Deluxe\ReGetDx.exe (ReGet Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 6F 76 71 04 D9 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com...WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/18 00:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 16:46:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:46:41 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:33:45 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/08 16:15:33 | 004,924,323 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/08 16:15:28 | 000,114,100 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/08 15:32:12 | 108,043,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/06 01:09:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/05 22:33:18 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 22:32:14 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/04 11:28:45 | 000,647,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:36:13 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/24 15:40:55 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2010/10/24 15:40:55 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2010/10/24 15:40:55 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2010/10/24 15:40:55 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2010/10/24 15:40:55 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/24 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/23 14:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 16:02:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/02 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/01/23 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gPaEc01817
[2011/01/03 21:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/05 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/24 16:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/03 21:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/08 16:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/25 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/11/16 22:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/21 19:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG
[2010/10/24 16:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG10
[2010/12/02 15:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\EPSON
[2011/03/05 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/01/03 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Nokia
[2011/01/03 21:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\PC Suite
[2011/03/08 16:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\ReGet Software
[2011/03/04 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2010/11/09 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\TSO
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >

[andye]

and here is the other file:

OTL Extras logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\AVG\AVG10\avgmfapx.exe" = F:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe" = F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:*:Enabled:Zuma -- ()
"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"F:\Program Files\AVG\AVG10\avgdiagex.exe" = F:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgnsx.exe" = F:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgam.exe" = F:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgemcx.exe" = F:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E759E7-7ACF-B383-D701-7B1759DC7FE7}" = Catalyst Control Center Graphics Light
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11B7664A-8D1F-C035-97F5-ADFD7DF6702F}" = CCC Help Russian
"{167E4A06-F407-11D3-95F5-0080AD910D79}" = Saitek Gaming Extensions
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D6AC4CC-800F-BF55-1392-5BB72F4954BF}" = Catalyst Control Center Core Implementation
"{1E3FC888-BF38-FC2F-EF5D-F36D824D7F02}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2BE7E2D0-5A83-8DD2-36C0-FE0835839195}" = CCC Help Swedish
"{2E33FE3D-EBDC-DF7E-FFDD-1C18F66EE519}" = CCC Help Dutch
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3904455A-8B34-B93D-7BA3-C94AE685E5AC}" = Catalyst Control Center HydraVision Full
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6B751AEA-D37F-4246-9CF1-D37B429FDFD3}" = AVG 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{791A0C6A-6D4B-5D52-0D24-A54FEBD46C50}" = Catalyst Control Center Graphics Previews Common
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"{79FDB4DB-9BF6-68B0-0452-7B7CD5AB527E}" = CCC Help Danish
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84247579-2954-53BE-2085-DE7777D94B1D}" = CCC Help Polish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87EADE06-A8B2-7555-395F-C255D32C8852}" = ccc-core-preinstall
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A0E9DE0-F404-1ABC-B0B4-2C746BDABF8A}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCEA09B-7780-EF26-9238-977C85955B36}" = CCC Help English
"{9DA25CA7-605F-699E-D508-9357FCE9CC7C}" = CCC Help Hungarian
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9EE499D3-FCF9-354A-8BB5-CE6E440D7FC6}" = CCC Help Japanese
"{A07A6DA9-9E07-C8E7-C059-CF14945B8E56}" = CCC Help Korean
"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22EEDC4-854E-B9B0-C521-22B1F91269CC}" = CCC Help Finnish
"{A2562A9F-77A7-511D-6971-D9E5AD9F5AAE}" = CCC Help Chinese Standard
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A730D772-7053-4139-D3BB-A60C542A0415}" = ccc-utility
"{A7A12A19-95F8-ACDA-BC8A-3BF502C3EDBA}" = Catalyst Control Center Graphics Full New
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AAE35979-4BB3-430D-A916-F1C13E52491D}" = ATI AVIVO Codecs
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BA46BAAF-E957-6971-442A-3497EF14E1D0}" = CCC Help Thai
"{BC8C9954-78B4-E908-E0B2-E6A76F9D16C1}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C607CC3A-E936-CDD7-5829-D1207AE1943A}" = Skins
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CD886A30-47A2-A46F-DF9A-36C2B7F5CA13}" = CCC Help Greek
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF4732B9-51EA-D757-641D-635FBE2AA31A}" = CCC Help German
"{D176DE67-4A5A-7C87-F756-47E053A3DB6D}" = CCC Help Czech
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D73C1B47-5F0B-45B4-FC0C-13BEA4C92286}" = CCC Help Turkish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DE97C156-A085-3C21-A8C5-B7B7B700CA16}" = ccc-core-static
"{E122AF5F-7A54-FE09-BFAD-9145841CE42B}" = CCC Help Portuguese
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6887417-BCDE-7D66-2D22-071AC86628BB}" = CCC Help French
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBFEDB88-70CA-82ED-ACE5-B7E76DB770C6}" = Catalyst Control Center Localization All
"{EDE9FFF4-8711-C7FE-CB53-CBBE4754030D}" = Catalyst Control Center Graphics Full Existing
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{F8B38325-9477-C4AB-93ED-3B98EFFACE96}" = CCC Help Spanish
"{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Apps-O-Rama Toolbar" = Apps-O-Rama Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX640 User's Guide" = ESPRX640 User's Guide
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"GoodMEM" = GoodMEM
"InfoView" = InfoView
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"i-Speeder" = i-Speeder
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileDB with MobileDB-Excel" = MobileDB with MobileDB-Excel
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Rocket Mania Deluxe 1.01" = Rocket Mania Deluxe 1.01
"SHOWCASE" = Feature Showcase Demo
"SysInfo" = Creative System Information
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"ReGetDx" = ReGet Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2010 18:57:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/12/2010 08:46:05 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/12/2010 17:12:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:47 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:48 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 16:34:00 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/01/2011 13:13:07 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/01/2011 12:46:37 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/01/2011 14:16:15 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/01/2011 10:31:50 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Regards

Andy

[redcar92]

Hello andye,
Please open OTL.

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, click the None button near the top (it may looked greyed out)
• In the window under Custom Scans/Fixes copy and paste the following
  
  c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
  c:\documents and settings\all users\application data\gPaEc01817\*.* /s
  c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
  c:\documents and settings\all users\application data\gPaEc01817\*.* /s
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Thanks
Bill
In Training at WTT Classroom

[andye]

Hi Bill

Ok I've done that and here is the file:

OTL logfile created on: 10/03/2011 18:21:03 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.41 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< End of report >

Regards

Andy

[redcar92]

Hello Andy,
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL

:Files
c:\Documents and Settings\All Users\Application Data\gKbJpJi01805
c:\Documents and Settings\All Users\Application Data\gPaEc01817

:Commands

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

When complete please post how your PC is behaving now.

Thanks,
Bill
In Training at WTT Classroom

[andye]

Hi Bill,

Ok I've done that and here is the log:

OTL logfile created on: 11/03/2011 10:33:47 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.20 Gb Free Space | 83.15% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 4E FD B1 1C DF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com...WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 10:33:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:05 | 004,923,423 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/11 10:32:34 | 000,116,708 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/11 10:32:09 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/11 10:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/11 09:36:07 | 000,647,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/11 09:36:06 | 108,311,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/11 09:33:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/11 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/11 00:23:40 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/10 18:15:52 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/10 11:59:51 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/09 22:23:13 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 22:25:22 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 18:15:52 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/08 22:25:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


While the scan was running it stopped and gave me a pop-up that said:

Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
then 3 option buttons Cancel Try Again Continue

I hit continue and the pop-up remained, I hit continue 4 more times and the scan commenced.

I will let you know a little later today how the computer is operating as I need to pop out for a couple of hours now.

Regards

Andy

[redcar92]

Hi Andy,
How is your PC behaving now?
Thanks,
Bill
In Training at WTT Classroom