
Thread: infection by Trojan.1C8D1A13 and Crypt.AQLW

#11 - Junior Member (Join Date: Apr 2012, Posts: 29)

    Thanks

    I have run OTL

    Here are the contents of the OTL.txt log
    (With the Extras.txt to follow in my next post)

    OTL logfile created on: 04/04/2012 23:14:28 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\DYLAN\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1022.09 Mb Total Physical Memory | 682.42 Mb Available Physical Memory | 66.77% Memory free
    2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.79% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.10 Gb Total Space | 15.38 Gb Free Space | 6.74% Space Free | Partition Type: NTFS

    Computer Name: DJMYC22J | User Name: DYLAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\DYLAN\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    PRC - C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
    PRC - C:\WINDOWS\Gtwatch.exe ()
    PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\AVG Secure Search\iGearedHelper.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\encdec.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\hcwXDS.dll ()
    MOD - C:\WINDOWS\system32\wstpager.ax ()
    MOD - C:\WINDOWS\system32\VBICodec.ax ()
    MOD - C:\WINDOWS\system32\mpg2splt.ax ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\WINDOWS\Gtwatch.exe ()
    MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
    MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


    ========== Win32 Services (SafeList) ==========

    SRV - (w800mdfl) -- %systemroot%\system32\edspport.dll File not found
    SRV - (tosporte) -- %systemroot%\system32\Sk99202k.dll File not found
    SRV - (TcUsb) -- %systemroot%\system32\usbscan.dll File not found
    SRV - (s716bus) -- %systemroot%\system32\Alpham1.dll File not found
    SRV - (pdscheduler) -- %systemroot%\system32\iviaspi.dll File not found
    SRV - (oraclemtsrecoveryservice) -- %systemroot%\system32\se59bus.dll File not found
    SRV - (NWDHCP) -- %systemroot%\system32\ICAM5USB.dll File not found
    SRV - (MXOFX) -- %systemroot%\system32\AMDPCI.dll File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
    SRV - (FGDSCSI) -- %systemroot%\system32\n558.dll File not found
    SRV - (ET5Drv) -- %systemroot%\system32\simbad.dll File not found
    SRV - (easdrv) -- %systemroot%\system32\ql10wnt.dll File not found
    SRV - (dns4meclient) -- %systemroot%\system32\CTAudSvcService.dll File not found
    SRV - (dktknsrv) -- %systemroot%\system32\se45mdfl.dll File not found
    SRV - (ccproxy) -- %systemroot%\system32\epsonstatusagent2.dll File not found
    SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (NxFsMon) -- C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
    SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
    DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DYLAN\LOCALS~1\Temp\catchme.sys File not found
    DRV - (bvrp_pci) -- File not found
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys ( )
    DRV - (PenClass) -- C:\WINDOWS\system32\drivers\PenClass.sys (Wacom Technology Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4F84B933-42AB-4259-AE76-3FC3E6778E13}&mid=d0329683733b3f5ad65678528df029a7-24827d1ce0f0702a4e430da99e606b9e9fc90817&lang=us&ds=AVG&pr=pa&d=2011-12-10 12:37:18&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c69c29c&v=7.008.031.001&i=26&tp=ab&iy=&ychte=uk&lng=en-US&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 10:34:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/20 23:28:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 19:01:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 13:27:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 12:47:09 | 000,000,000 | ---D | M]

    [2008/06/21 16:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Extensions
    [2012/03/14 13:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Firefox\Profiles\8iblg8pq.default\extensions
    [2012/03/14 13:15:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Firefox\Profiles\8iblg8pq.default\extensions\foxmarks@kei.com
    [2011/11/10 21:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/21 14:02:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/03/18 13:27:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2006/03/21 02:38:07 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin9.dll
    [2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2012/03/12 19:00:51 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/02/14 19:18:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/14 19:18:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
    CHR - plugin: QuickTime Plug-in 6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\CRX_INSTALL\
    CHR - Extension: Gmail = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    Hosts file not found
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (no name) - {C7D72214-B740-408B-AB04-D1B815C9F07B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [] C:\WINDOWS\Gtwatch.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [kdx] C:\Program Files\KHost.exe -all File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
    O4 - Startup: C:\Documents and Settings\DYLAN\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\DYLAN\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase9563.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/.../en/crlocx.ocx (CRLDownloadWrapper Class)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2012/04/04 20:41:26 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: s716bus - %systemroot%\system32\Alpham1.dll File not found
    NetSvcs: ccproxy - %systemroot%\system32\epsonstatusagent2.dll File not found
    NetSvcs: FGDSCSI - %systemroot%\system32\n558.dll File not found
    NetSvcs: oraclemtsrecoveryservice - %systemroot%\system32\se59bus.dll File not found
    NetSvcs: MXOFX - %systemroot%\system32\AMDPCI.dll File not found
    NetSvcs: NWDHCP - %systemroot%\system32\ICAM5USB.dll File not found
    NetSvcs: tosporte - %systemroot%\system32\Sk99202k.dll File not found
    NetSvcs: NxFsMon - C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
    NetSvcs: dktknsrv - %systemroot%\system32\se45mdfl.dll File not found
    NetSvcs: TcUsb - %systemroot%\system32\usbscan.dll File not found
    NetSvcs: w800mdfl - %systemroot%\system32\edspport.dll File not found
    NetSvcs: pdscheduler - %systemroot%\system32\iviaspi.dll File not found
    NetSvcs: easdrv - %systemroot%\system32\ql10wnt.dll File not found
    NetSvcs: dns4meclient - %systemroot%\system32\CTAudSvcService.dll File not found
    NetSvcs: ET5Drv - %systemroot%\system32\simbad.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/04 23:08:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DYLAN\Desktop\OTL.exe
    [2012/04/04 21:01:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/04 20:58:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/04 20:58:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/04 20:58:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/04 20:58:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/04 20:58:04 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/04/04 20:57:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/04 20:41:26 | 000,000,000 | RHSD | C] -- C:\autorun.inf
    [2012/04/04 20:28:04 | 004,455,902 | R--- | C] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\ComboFix.exe
    [2012/04/03 23:10:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/03 23:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/04/03 23:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/04/03 23:01:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\dds.scr
    [2012/04/03 23:01:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\DYLAN\Desktop\erunt-setup.exe
    [2012/04/02 20:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/04/02 20:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/03/17 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DYLAN\My Documents\usb_stick
    [2012/03/12 18:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DYLAN\My Documents\The Space Children Original Motion Picture Soundtrack (FSM Golden Age Classics Vol.14 No.15) (1958) (2011)
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Documents and Settings\DYLAN\Desktop\[TorrentReactor.to] - Shadowy Men On A Shadowy Planet.torrent
    [2012/04/04 23:05:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/04 23:03:49 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2012/04/04 23:03:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/04 23:03:28 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/04 23:03:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DYLAN\Desktop\OTL.exe
    [2012/04/04 23:02:55 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
    [2012/04/04 23:02:55 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
    [2012/04/04 23:02:55 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
    [2012/04/04 23:02:55 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
    [2012/04/04 23:02:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2012/04/04 23:02:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2012/04/04 23:02:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
    [2012/04/04 23:02:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
    [2012/04/04 21:01:43 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/04/04 20:57:53 | 004,932,819 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
    [2012/04/04 20:31:17 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-611107407-3456149426-1704487010-1005UA.job
    [2012/04/04 20:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2012/04/04 20:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2012/04/04 20:17:00 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\Flash_Disinfector.exe
    [2012/04/04 08:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2012/04/04 08:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2012/04/04 08:03:58 | 004,455,902 | R--- | M] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\ComboFix.exe
    [2012/04/04 08:03:02 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\CKScanner.exe
    [2012/04/03 23:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2012/04/03 23:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2012/04/03 23:09:21 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\ERUNT.lnk
    [2012/04/03 22:57:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\dds.scr
    [2012/04/03 22:56:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\DYLAN\Desktop\erunt-setup.exe
    [2012/04/03 22:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2012/04/03 22:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2012/04/03 21:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2012/04/03 21:29:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2012/04/03 19:35:00 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\DYLAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/04/03 19:34:59 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\Google Chrome.lnk
    [2012/04/03 19:31:47 | 093,479,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/04/03 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2012/04/03 19:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2012/04/02 20:57:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2012/04/01 19:27:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/31 18:59:10 | 000,232,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/03/31 13:15:17 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\DYLAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/31 13:12:32 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
    [2012/03/31 12:31:04 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-611107407-3456149426-1704487010-1005Core.job
    [2012/03/25 14:25:58 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/25 14:25:58 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/15 11:52:39 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/14 21:51:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/13 15:19:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    File not found -- C:\Documents and Settings\DYLAN\Desktop\[TorrentReactor.to] - Shadowy Men On A Shadowy Planet.torrent
    [2012/04/04 21:01:42 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2012/04/04 21:01:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/04 20:58:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/04 20:58:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/04 20:58:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/04 20:58:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/04 20:58:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/04 20:28:09 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\Flash_Disinfector.exe
    [2012/04/04 08:11:07 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\CKScanner.exe
    [2012/04/03 23:09:21 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\ERUNT.lnk
    [2012/04/02 20:57:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2012/04/02 20:57:21 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2012/04/02 20:57:17 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2012/04/02 20:57:16 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2012/04/02 20:57:16 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2012/04/02 20:57:16 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2012/03/09 12:02:53 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/16 16:54:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    ========== LOP Check ==========

    [2012/03/12 19:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2011/08/16 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2012/04/02 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/16 20:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/02/06 01:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/03/14 21:05:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/12/14 01:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
    [2012/01/19 19:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2012/04/04 23:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/08/16 20:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/02/07 21:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2008/03/17 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2006/01/27 02:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/16 23:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/19 20:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/28 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/06 20:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/04/26 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\.BitTornado
    [2012/01/14 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG Secure Search
    [2011/08/16 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG10
    [2010/07/18 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG9
    [2011/05/15 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/04/04 23:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Dropbox
    [2010/06/15 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Facebook
    [2012/02/05 18:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\foobar2000
    [2012/01/22 22:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\HandBrake
    [2006/04/01 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Leadertech
    [2006/05/16 20:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\LimeWire
    [2010/07/25 18:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Nokia
    [2009/12/15 00:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\OpenOffice.org
    [2009/03/19 00:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Panasonic
    [2008/02/07 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\PC Suite
    [2011/04/13 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Saer
    [2006/03/21 01:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Template
    [2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2012/04/04 08:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2012/04/04 08:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2012/04/02 20:57:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2012/04/02 20:57:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2012/04/03 19:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2012/04/03 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2012/04/04 20:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2012/04/04 20:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2012/04/03 21:29:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2012/04/03 21:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2012/04/03 22:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2012/04/03 22:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2012/04/03 23:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2012/04/03 23:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < End of report >
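Two things a responder would pull out of the OTL.txt above are the 48 At<N>.job files under C:\WINDOWS\tasks, all created between 20:57:16 and 20:57:21 on 2012/04/02 (At<N>.job is how jobs scheduled through the Windows AT service are named, and a user does not create 48 of them in six seconds), and the NetSvcs entries whose service DLL is reported "File not found". The Python below is an added example, not part of the poster's log and not OTL's own code: it parses lines in the two OTL formats shown and flags both patterns. The sample lines are a constructed subset copied in shape from the log, and the `known_defaults` set of stock XP netsvcs names is an assumption from a default XP SP3 install, not something the page states.

```python
"""OTL log triage: flag bursts of At<N>.job creations and NetSvcs entries
with a missing DLL. Added example; the sample lines are a constructed subset."""
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of OTL's "Files Created" entries (hypothetical subset).
SAMPLE_FILE_LINES = r"""
[2012/04/04 21:01:42 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/04/04 21:01:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/02 20:57:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/04/02 20:57:21 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/04/02 20:57:16 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/13 15:19:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/16 16:54:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
"""

# Constructed sample in the shape of OTL's NetSvcs lines (hypothetical subset).
SAMPLE_NETSVCS_LINES = r"""
NetSvcs: 6to4 - File not found
NetSvcs: s716bus - %systemroot%\system32\Alpham1.dll File not found
NetSvcs: NxFsMon - C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll File not found
"""

# [date time | size | attrs | C-or-M] (company) -- path ; the "(company)" field is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Za-z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
NETSVC_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$")
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)

# Assumption: netsvcs names present in the stock XP SP3 group even when no such
# service is installed, so "File not found" for them is expected on a workstation.
KNOWN_XP_NETSVCS = {"6to4", "HidServ", "Ias", "Iprip", "Irmon",
                    "NWCWorkstation", "Nwsapagent", "WmdmPmSp"}


def parse_file_lines(text):
    """Parse OTL file entries into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],            # C = created, M = modified
            "company": m["company"] or "",
            "path": m["path"],
        })
    return records


def at_job_bursts(records, window_seconds=60, min_count=5):
    """Return (first_ts, last_ts, count) for runs of At<N>.job creations where
    at least min_count files were created within window_seconds of the first."""
    times = sorted(r["ts"] for r in records
                   if r["kind"] == "C" and AT_JOB_RE.search(r["path"]))
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= timedelta(seconds=window_seconds):
            j += 1
        if j - i + 1 >= min_count:
            bursts.append((times[i], times[j], j - i + 1))
        i = j + 1
    return bursts


def missing_netsvcs(text, known_defaults=frozenset()):
    """Names of NetSvcs entries whose DLL OTL reports as missing, minus known stock names."""
    names = []
    for line in text.splitlines():
        m = NETSVC_RE.match(line.strip())
        if m and m["rest"].endswith("File not found") and m["name"] not in known_defaults:
            names.append(m["name"])
    return names


if __name__ == "__main__":
    recs = parse_file_lines(SAMPLE_FILE_LINES)
    for first, last, n in at_job_bursts(recs):
        print(f"{n} At*.job files created between {first} and {last}")
    print("netsvcs with missing DLL:", missing_netsvcs(SAMPLE_NETSVCS_LINES, KNOWN_XP_NETSVCS))
```

Feed a full OTL.txt through `parse_file_lines` by passing the "Files/Folders - Created" and "Files - Modified" sections; on the log above the burst detector reports one run of 48 jobs at 20:57:16 to 20:57:21. The NetSvcs check is deliberately two-stage: stock XP lists several netsvcs names with no service installed, so "File not found" on its own is not an indicator, while names outside that list pointing at driver-style DLLs (the s716bus, FGDSCSI, MXOFX style entries in the log) are the ones worth examining.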

  2. #12
    Junior Member
    Join Date
    Apr 2012
    Posts
    29

    Default

    And here is the OTL log Extras.Txt

    OTL Extras logfile created on: 04/04/2012 23:14:28 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\DYLAN\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1022.09 Mb Total Physical Memory | 682.42 Mb Available Physical Memory | 66.77% Memory free
    2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.79% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.10 Gb Total Space | 15.38 Gb Free Space | 6.74% Space Free | Partition Type: NTFS

    Computer Name: DJMYC22J | User Name: DYLAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
    "C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
    "C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
    "C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
    "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
    "{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
    "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
    "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9DBCAEDF-4853-437F-8B62-9C3B1267E9A4}" = AVG 2011
    "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
    "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
    "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
    "{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe After Effects 7.0" = Adobe After Effects 7.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BBC iPlayer Download Manager" = BBC iPlayer Download Manager
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BitTornado" = BitTornado 0.3.7
    "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Crush'Em 2.0" = Crush'Em 2.0
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DVD Shrink_is1" = DVD Shrink 3.2
    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ERUNT_is1" = ERUNT 1.1j
    "ESPNMotion" = ESPNMotion
    "foobar2000" = foobar2000 v1.0.3
    "GoogleVideoPlayer" = Google Video Player
    "HandBrake" = HandBrake 0.9.5
    "hp print screen utility" = hp print screen utility
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
    "InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
    "InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
    "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
    "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "Puzzl'Em1.0Beta2" = Puzzl'Em 1.0 Beta2
    "RealPlayer 6.0" = RealPlayer
    "ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Tablet Driver" = Tablet
    "TaxCalc 2006" = TaxCalc 2006
    "TaxCalc 2007" = TaxCalc 2007
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.11
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Word8.0" = Microsoft Word 97
    "Works99Setup" = Microsoft Works Setup Launcher
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/04/2012 15:56:25 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:28 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:28 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:31 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:34 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:36 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 15:56:38 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 18:05:08 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 18:05:15 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 04/04/2012 18:05:22 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    [ System Events ]
    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The VIAPFD service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The USRpdA service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The Mpfp service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The Symwsc service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The SQTECH9080 service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The DevUpper service terminated with the following error: %%126

    Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The Keymaestro service terminated with the following error: %%126

    Error - 04/04/2012 15:00:15 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7022
    Description = The KService service hung on starting.

    Error - 04/04/2012 15:00:17 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127

    Error - 04/04/2012 15:12:12 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
    Description = The Network Location Awareness (NLA) service terminated with the following
    error: %%127


    < End of report >

  3. #13
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Ok...now I can see the infection. This may take several passes to remove.
    ---------

    I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

    To submit a file to virustotal, please click VirusTotal

    Copy and paste the following into the "upload a file" box (one at a time if more than one file is listed):

    C:\WINDOWS\System32\drivers\AFS2K.SYS

    Scroll down a bit and click "send file", wait for the results and post them in your next reply.

    Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
    ----------

  4. #14
    Junior Member
    Join Date
    Apr 2012
    Posts
    29

    Default

    Thanks for all this work you are putting into my problem.

    Unfortunately I will now have to be away from the infected PC for a few days.

    Until Tuesday, April 10.

    In that time no one else will be accessing the computer.
    Is it possible to keep this thread open and active until Tuesday night?

  5. #15
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Of course I can keep it open. Thanks for letting me know.

  6. #16
    Junior Member
    Join Date
    Apr 2012
    Posts
    29

    Default

    Thanks for your patience jeffce.

    Here I am back in the saddle.

    I have clicked the link to VirusTotal. (The GUI is a little different from how it was described: 'scan it' rather than 'send it.' But no matter.)

    When I submitted AFS2K.SYS it gave me the following answer:


    This file was already analysed by VirusTotal on 2012-04-10 19:50:27.

    Detection ratio: 0/42

    You can take a look at the last analysis or analyse it again now.

    (I thought this was rather odd as my computer certainly wasn't switched on at that date and time. But of course, I guess it's just analysing the file itself and not where it came from.)

    I analysed the file again and received the following results:

    SHA256: ec87828dbd4e11079c1e7296eec568917a7b4052aa3effa402dd5faa7e45741d
    File name: AFS2K.SYS
    Detection ratio: 0 / 42
    Analysis date: 2012-04-10 23:45:56 UTC ( 1 minute ago )
    Antivirus Result Update
    AhnLab-V3 - 20120410
    AntiVir - 20120410
    Antiy-AVL - 20120410
    Avast - 20120410
    AVG - 20120411
    BitDefender - 20120411
    ByteHero - 20120410
    CAT-QuickHeal - 20120410
    ClamAV - 20120411
    Commtouch - 20120410
    Comodo - 20120410
    DrWeb - 20120411
    Emsisoft - 20120410
    eSafe - 20120408
    eTrust-Vet - 20120410
    F-Prot - 20120410
    F-Secure - 20120410
    Fortinet - 20120411
    GData - 20120410
    Ikarus - 20120410
    Jiangmin - 20120410
    K7AntiVirus - 20120410
    Kaspersky - 20120410
    McAfee - 20120411
    McAfee-GW-Edition - 20120410
    Microsoft - 20120410
    NOD32 - 20120410
    Norman - 20120410
    nProtect - 20120410
    Panda - 20120410
    PCTools - 20120411
    Rising - 20120410
    Sophos - 20120411
    SUPERAntiSpyware - 20120402
    Symantec - 20120411
    TheHacker - 20120410
    TrendMicro - 20120411
    TrendMicro-HouseCall - 20120411
    VBA32 - 20120410
    VIPRE - 20120410
    ViRobot - 20120410
    VirusBuster - 20120410

  7. #17
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Glad to see you back. Let me work up a fix and I will get back as soon as I can.

  8. #18
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
    ----------

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      SRV - (NxFsMon) -- C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      [2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
      O2 - BHO: (no name) - {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No CLSID value found.
      O2 - BHO: (no name) - {C7D72214-B740-408B-AB04-D1B815C9F07B} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      NetSvcs: NxFsMon - C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      :Files
      del C:\WINDOWS\tasks\At*.job /c
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
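    As an added example (not part of this thread and not OTL's own code), the script below runs a small triage pass over OTL-style log lines and flags the kinds of entries the fix above removes or that a helper would look at first: O2/O3 add-ons with "No CLSID value found" (orphaned registrations), processes or add-ons OTL lists with an empty company name "()", a Security Center "DisableMonitoring" = 1 value, firewall AuthorizedApplications entries without a publisher, and Shell Spawning commands for exefile/batfile and friends that differ from the stock "%1" %*. The sample lines are constructed in the format OTL prints on this page; the redirected exefile entry, the "Example Helper" BHO and the PLACEHOLDER path are invented to exercise the rules and are not from the log.

```python
"""Triage pass over OTL-style log lines (added example, not OTL's code)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (section, rule, offending line)

# Stock Shell Spawning commands for the executable classes listed in the log
# on this page; any other command means the association has been redirected.
EXPECTED_SHELL_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_.*)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.*)$')
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
# AuthorizedApplications entries: "path" = path:scope:state:name [-- (publisher)]
FW_APP_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]*):(?P<state>[^:]*):'
    r"(?P<name>.*?)(?: -- \((?P<publisher>[^()]*)\))?$"
)
# Prefixes OTL uses in this thread for processes, services and browser add-ons;
# a trailing "()" means OTL found no company name inside the file.
ITEM_PREFIXES = ("PRC - ", "SRV - ", "O2 - ", "O3 - ")

# Constructed sample in OTL's layout. The exefile line, the Example Helper BHO
# and the PLACEHOLDER path are invented for the demonstration.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\DYLAN\Application Data\PLACEHOLDER.exe" "%1" %*
scrfile [open] -- "%1" /S
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Authorized Applications List ==========
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== Standard Registry (SafeList) ==========
O2 - BHO: (no name) - {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Vendor)
"""


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect review items."""
    findings: List[Finding] = []
    section, key = "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue

        if section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if m and m.group("name") == "DisableMonitoring" and m.group("data").strip() == "1":
                # Third-party suites set this under their own subkey legitimately;
                # it still silences Security Center warnings, so record it for review.
                findings.append((section, "wsc-monitoring-disabled", f"{key}: {line}"))
        elif section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m:
                expected = EXPECTED_SHELL_SPAWN.get((m.group("cls"), m.group("verb")))
                if expected is not None and m.group("cmd") != expected:
                    findings.append((section, "shell-spawn-mismatch", line))
        elif section == "Authorized Applications List":
            m = FW_APP_RE.match(line)
            if m and not m.group("publisher"):
                findings.append((section, "firewall-app-no-publisher", line))

        if line.startswith(ITEM_PREFIXES):
            if line.endswith("No CLSID value found."):
                findings.append((section, "orphaned-clsid", line))
            elif line.endswith(" ()"):
                findings.append((section, "no-publisher", line))
    return findings


if __name__ == "__main__":
    for sec, rule, text in triage(SAMPLE_LOG):
        print(f"[{rule}] ({sec}) {text}")
```

    The rules are deliberately conservative: each finding is a review item, not a verdict, which matches how the thread works (the helper asks for a VirusTotal result on an unidentified driver rather than deleting it on sight). Feed it a real OTL log with `triage(open(path, encoding="utf-8", errors="replace").read())`.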

  9. #19
    Junior Member
    Join Date
    Apr 2012
    Posts
    29

    Default

    Ok, I've backed up my registry with ERUNT.

    Just one quick question before I launch OTL:
    The infected computer is currently offline. Does the computer need to be connected to the internet before I run the fix?

  10. #20
    Junior Member
    Join Date
    Apr 2012
    Posts
    29

    Default

    I should add that I have no problem reconnecting to the internet. I've just been staying offline as much as possible as a precautionary measure.
