Windows Redirect and Windows Protection Suite



Ian101
2010-12-26, 13:42
Hi there ... please help with this very annoying problem (apologies to Ken, who started to help, but then I never got back to him due to work problems, so the post was archived)

Restarted from beginning as advised by Ken on old post (link below) http://forums.spybot.info/showthread.php?t=60759

Results of Spybot scan below, but also saved full report if required?



Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

Win32.AutoRun.tmp: [SBI $751B1850] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

Right Media: Tracking cookie (Internet Explorer: Ian) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Ian) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-16 Includes\Hijackers.sbi (*)
2010-11-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-11-16 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-11-16 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


DDS log below


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ian at 12:38:04.68 on 26/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.895.157 [GMT 0:00]

AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Live PC Care *Enabled/Updated* {B82B3354-8E67-4E31-B4DE-68B1CBA1E735}
FW: AVG Firewall *Enabled*
FW: Live PC Care *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\21QCU84C\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uStart Page = hxxp://www.metoffice.gov.uk/weather/uk/uk_forecast_weather.html
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = hxxp://www.ebay.co.uk/
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60204
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60204
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ATIPTA] c:\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ian\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\ian\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - c:\documents and settings\ian\desktop\WH GBP Casino.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\progra~1\micros~4\CENetFlt.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: awtroMEt - awtroMEt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqPhHBS
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-15 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-15 52872]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-15 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-15 243024]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-15 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-15 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-15 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-15 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-2-15 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-15 30104]

=============== Created Last 30 ================

2010-12-26 10:20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 10:20:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 10:20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 18:51:00 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 18:46:41 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 16:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 12:39:51.07 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/09/2005 15:40:35
System Uptime: 26/12/2010 10:45:59 (2 hours ago)

Motherboard: NEC COMPUTERS INTERNATIONAL | | MS-7168
Processor: AMD Athlon(tm) 64 Processor 3400+ | CPU 1 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 143.039 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP810: 23/09/2010 10:49:31 - System Checkpoint
RP811: 30/09/2010 09:01:06 - Software Distribution Service 3.0
RP812: 30/09/2010 19:43:28 - Avg Update
RP813: 02/10/2010 08:12:40 - Software Distribution Service 3.0
RP814: 07/10/2010 19:45:55 - Avg Update
RP815: 13/10/2010 09:51:02 - System Checkpoint
RP816: 14/10/2010 16:04:15 - Software Distribution Service 3.0
RP817: 19/10/2010 20:27:25 - System Checkpoint
RP818: 26/10/2010 09:02:03 - Avg Update
RP819: 26/10/2010 11:04:02 - Installed Java(TM) 6 Update 20
RP820: 26/10/2010 11:05:02 - Installed OpenOffice.org 3.2
RP821: 26/10/2010 12:16:27 - Installed Rapport
RP822: 28/10/2010 10:03:32 - System Checkpoint
RP823: 29/10/2010 10:07:39 - System Checkpoint
RP824: 31/10/2010 11:11:25 - System Checkpoint
RP825: 01/11/2010 18:43:34 - System Checkpoint
RP826: 03/11/2010 09:53:04 - System Checkpoint
RP827: 04/11/2010 16:35:58 - System Checkpoint
RP828: 05/11/2010 17:28:17 - System Checkpoint
RP829: 08/11/2010 17:01:49 - System Checkpoint
RP830: 10/11/2010 16:55:36 - Avg Update
RP831: 10/11/2010 16:55:59 - Avg Update
RP832: 10/11/2010 17:11:58 - Software Distribution Service 3.0
RP833: 12/11/2010 08:29:04 - System Checkpoint
RP834: 15/11/2010 08:08:42 - System Checkpoint
RP835: 17/11/2010 09:24:31 - System Checkpoint
RP836: 18/11/2010 17:01:21 - System Checkpoint
RP837: 18/11/2010 21:00:17 - Software Distribution Service 3.0
RP838: 20/11/2010 08:45:09 - System Checkpoint
RP839: 21/11/2010 11:18:50 - System Checkpoint
RP840: 24/11/2010 15:43:00 - Avg Update
RP841: 24/11/2010 15:43:51 - Avg Update
RP842: 27/11/2010 17:36:49 - System Checkpoint
RP843: 29/11/2010 10:28:56 - System Checkpoint
RP844: 04/12/2010 14:33:15 - System Checkpoint
RP845: 07/12/2010 11:04:28 - System Checkpoint
RP846: 08/12/2010 22:18:37 - System Checkpoint
RP847: 10/12/2010 21:59:31 - Unsigned driver install
RP848: 15/12/2010 18:50:40 - Software Distribution Service 3.0
RP849: 16/12/2010 07:33:59 - Software Distribution Service 3.0
RP850: 17/12/2010 17:14:58 - System Checkpoint
RP851: 17/12/2010 19:24:04 - Software Distribution Service 3.0
RP852: 18/12/2010 08:28:19 - Installed Java(TM) 6 Update 23
RP853: 18/12/2010 08:32:17 - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP854: 19/12/2010 10:28:59 - System Checkpoint
RP855: 20/12/2010 11:59:13 - System Checkpoint

==== Hosts File Hijack ======================


==== Installed Programs ======================

3D Mahjongg
7 Wonders of the World
Acrobat.com
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Apple Mobile Device Support
Apple Software Update
AVG 9.0
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Blast Thru Special Edition
BT Broadband Desktop Help
BT Voyager Wireless Utility
BT Yahoo! Applications
Call of Atlantis
Charmed
Color Wheel
Creation Station Special Edition
Critical Update for Windows Media Player 11 (KB959772)
Cross Stitcher
Cubis for Pocket PC
Dark Tiles
Dodgem
Drone
Drop
eGames Master's Edition 151
EPSON Copy Utility 3
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
ERUNT 1.1j
ESDX3800 User's Guide
Galaxy of Games 201
Gems 3D
Go-Moku
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 23
Jewel Match
Jewel Quest
Keno Craze Special Edition
Kombat Kars Special Edition
LG PC Suite
LG USB Modem driver
Luxor 3
Luxor Amun Rising (remove only)
Mahjongg Empire Special Edition
Mahjongg Master 3 Special Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.5
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MVP Solitaire Clubs Edition
OpenOffice.org 3.2
Pocket PC Connection Wizard
Professor Wilde
Puzzle Master 2 Special Edition
QuickTime
Rapport
Rapture's King Sol
Rapture's King Sol for PocketPC
Realtek AC'97 Audio
Samsung PC Studio
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sky Broadband
Sky Broadband Browser Branding
Soldiers - Heroes of World War II
Sonic MyDVD
Sonic RecordNow!
Spybot - Search & Destroy
Tetris Worlds
TomTom HOME
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC_MergeModuleToMSI
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

26/12/2010 12:38:18, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
26/12/2010 10:44:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
23/12/2010 08:35:17, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/12/2010 09:51:30, error: Print [6161] - The document worksheet owned by Ian failed to print on printer EPSON Stylus DX3800 Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\KAREN. Win32 error code returned by the print processor: 259 (0x103).

==== End Of File ===========================

ken545
2010-12-31, 16:56
Hello Ian,

Sorry, but we get so busy that with forum policy, if there is no reply in 3 days the thread is closed.

Let's do this.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Ian101
2011-01-01, 09:35
Hi Ken ... Happy New Year .. thanks for taking time to reply !!

Ran the OTL and no problem with the OTL report but no Extras report produced ?? However, I ran an Extras report a few days ago after reading your reply to the old post, so have attached that one instead.

When I ran the OTL program this time it couldn't access some files so I had it skip past them, whereas a few days ago it was all scanned.

Thank you once again.

OTL logfile created on: 01/01/2011 08:16:47 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Ian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 329.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.29 Gb Total Space | 142.98 Gb Free Space | 79.30% Space Free | Partition Type: NTFS

Computer Name: KAREN | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (UPATC) -- C:\WINDOWS\system32\drivers\upatc.sys (SCM Microsystems Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60204

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/weather/uk/uk_forecast_weather.html
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/02/08 06:42:39 | 000,002,752 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.75.207.108 www.google.com
O1 - Hosts: 94.75.207.108 google.com
O1 - Hosts: 94.75.207.108 google.com.au
O1 - Hosts: 94.75.207.108 www.google.com.au
O1 - Hosts: 94.75.207.108 google.be
O1 - Hosts: 94.75.207.108 www.google.be
O1 - Hosts: 94.75.207.108 google.com.br
O1 - Hosts: 94.75.207.108 www.google.com.br
O1 - Hosts: 94.75.207.108 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Ian\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Ian\Desktop\WH GBP Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Ian\Desktop\WH GBP Casino.lnk File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\awtroMEt: DllName - awtroMEt.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqPhHBS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9c6a633a-cfee-11dc-baf6-0016e3c5b08b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 10:52:19 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe
[2010/12/26 10:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\Scans Logs
[2010/12/26 10:20:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/26 10:20:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/26 10:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/18 08:28:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/18 08:28:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/18 08:28:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\pumppics
[2010/12/15 18:51:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 18:46:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/06 16:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/06 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/06 16:43:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt-setup.exe
[2010/12/04 12:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\bikepics
[2005/08/29 11:11:24 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1979/12/31 23:00:00 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1979/12/31 23:00:00 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1979/12/31 23:00:00 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1979/12/31 23:00:00 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1979/12/31 23:00:00 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/01 08:01:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\prvlcl.dat
[2011/01/01 07:55:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/01 07:54:49 | 000,641,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/01/01 07:54:48 | 069,588,666 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/29 11:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/12/28 11:24:03 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Static Project.xls
[2010/12/28 10:57:28 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/26 10:52:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe
[2010/12/26 10:46:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 10:46:22 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/26 10:20:12 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/26 10:05:59 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Business Plan.lnk
[2010/12/26 10:05:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Internet Explorer.lnk
[2010/12/23 15:02:17 | 000,035,692 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\worksheet.ods
[2010/12/22 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/12/22 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/12/22 10:33:23 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning CClear.doc
[2010/12/21 11:26:40 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Budget.xls
[2010/12/21 10:49:46 | 005,497,856 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\IanHornbyJust3ClicksEbooks(1).xls
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 13:57:48 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\DEBTLIST CC.ods
[2010/12/19 08:41:15 | 000,030,201 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\PRE worksheet.ods
[2010/12/18 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/18 09:57:43 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning.doc
[2010/12/16 08:24:40 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 07:42:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/07 20:15:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/06 16:45:32 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/06 16:45:20 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk
[2010/12/06 16:43:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt-setup.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 11:54:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Static Project.xls
[2010/12/26 10:20:12 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/26 10:05:59 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Business Plan.lnk
[2010/12/26 10:05:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Internet Explorer.lnk
[2010/12/22 10:15:38 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning CClear.doc
[2010/12/18 09:57:43 | 000,195,584 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning.doc
[2010/12/13 18:13:49 | 000,718,445 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\fittings.JPG
[2010/12/07 16:40:46 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\DEBTLIST CC.ods
[2010/12/06 16:45:32 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/06 16:45:20 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk
[2010/02/17 21:52:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\cstitcher.ini
[2009/04/23 00:28:19 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/23 00:28:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/04/22 22:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\prvlcl.dat
[2008/09/24 16:36:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 12:17:22 | 001,158,934 | -HS- | C] () -- C:\WINDOWS\System32\fxacgugw.ini
[2008/05/23 19:15:27 | 001,158,874 | -HS- | C] () -- C:\WINDOWS\System32\kuualbfl.ini
[2008/05/23 19:14:21 | 001,155,146 | -HS- | C] () -- C:\WINDOWS\System32\vskrtyan.ini
[2008/05/22 19:23:50 | 001,229,216 | -HS- | C] () -- C:\WINDOWS\System32\xeraicbu.ini
[2008/05/19 05:35:36 | 000,794,221 | -HS- | C] () -- C:\WINDOWS\System32\bccLknpo.ini
[2008/05/17 11:51:59 | 000,803,678 | -HS- | C] () -- C:\WINDOWS\System32\ayyadfhk.ini
[2008/05/16 17:35:50 | 000,781,730 | -HS- | C] () -- C:\WINDOWS\System32\noVEdMoq.ini
[2008/05/13 20:40:01 | 000,661,650 | -HS- | C] () -- C:\WINDOWS\System32\MnWGNnmp.ini
[2008/05/13 19:43:28 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\sgdvpwwj.ini
[2008/05/13 15:26:30 | 000,395,263 | -HS- | C] () -- C:\WINDOWS\System32\SBHhPqss.ini
[2007/08/15 18:53:17 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2007/03/31 20:13:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/02/22 09:58:49 | 000,001,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/20 23:32:22 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/10/15 19:18:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2006/09/07 21:39:58 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/09 09:23:13 | 000,000,251 | ---- | C] () -- C:\WINDOWS\CAPWIN.INI
[2006/02/25 10:08:36 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\attfd42.dll
[2005/12/27 10:31:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/09/10 15:41:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/10 15:15:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/10 15:14:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2005/09/10 14:50:28 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2005/08/29 11:41:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/29 11:26:12 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/08/29 11:17:19 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/29 11:11:24 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/08/29 11:11:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/08/29 11:11:24 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/07 17:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 16:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1979/12/31 23:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1979/12/31 23:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

========== LOP Check ==========

[2010/02/08 07:13:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\3da16ab
[2010/10/26 08:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/15 18:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/06/27 11:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2007/05/25 07:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2010/02/07 16:08:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\LPCUCG
[2009/06/28 18:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/03/02 18:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/28 18:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/09/12 19:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/31 12:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/08/19 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2005/09/10 15:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/08/29 11:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/13 08:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\EPSON
[2007/02/23 12:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Gaijin Ent
[2006/05/26 19:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\OLYMPUS
[2010/10/26 10:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\OpenOffice.org
[2007/03/02 18:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\PlayFirst
[2009/11/01 13:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Reg Tool
[2010/08/19 09:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Trusteer
[2007/02/20 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\yoclient
[2010/12/22 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/12/22 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/11/24 05:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/12/29 11:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/12/18 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E636D62
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:640EA6E8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7

< End of report >

Ian101
2011-01-01, 09:35
OTL Extras logfile created on: 26/12/2010 10:53:45 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Ian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.29 Gb Total Space | 143.10 Gb Free Space | 79.37% Space Free | Partition Type: NTFS

Computer Name: KAREN | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Documents and Settings\Ian\Local Settings\Temp\CRY800.tmp\install.exe" = C:\Documents and Settings\Ian\Local Settings\Temp\CRY800.tmp\install.exe:*:Enabled:setup wizard -- File not found
"C:\Program Files\Codemasters\Soldiers - Heroes of World War II\SOLDIERS.EXE" = C:\Program Files\Codemasters\Soldiers - Heroes of World War II\SOLDIERS.EXE:*:Enabled:Soldiers Application -- ("Bestway" Corp)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\3da16ab\LP3da1.exe" = C:\Documents and Settings\All Users\Application Data\3da16ab\LP3da1.exe:*:Enabled:Live PC Care -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}" = Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"3D Mahjongg" = 3D Mahjongg
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Astraware Cubis for Pocket PC" = Cubis for Pocket PC
"AVG9Uninstall" = AVG 9.0
"BFG-7 Wonders of the World" = 7 Wonders of the World
"BFGC" = Big Fish Games: Game Manager
"BFG-Call of Atlantis" = Call of Atlantis
"BFG-Jewel Match" = Jewel Match
"Blast Thru Special Edition" = Blast Thru Special Edition
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Broadband Desktop Help
"Charmed" = Charmed
"Color Wheel" = Color Wheel
"Creation Station Special Edition" = Creation Station Special Edition
"Cross Stitcher" = Cross Stitcher
"Dark Tiles" = Dark Tiles
"Dodgem" = Dodgem
"Drone" = Drone
"Drop" = Drop
"eGames Master's Edition 151" = eGames Master's Edition 151
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESDX3800 User's Guide" = ESDX3800 User's Guide
"Galaxy of Games 201" = Galaxy of Games 201
"Gems 3D" = Gems 3D
"Go-Moku" = Go-Moku
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Keno Craze Special Edition" = Keno Craze Special Edition
"Kombat Kars Special Edition" = Kombat Kars Special Edition
"Luxor 3_is1" = Luxor 3
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjongg Empire Special Edition" = Mahjongg Empire Special Edition
"Mahjongg Master 3 Special Edition" = Mahjongg Master 3 Special Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVP Solitaire Clubs Edition" = MVP Solitaire Clubs Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pocket PC Connection Wizard" = Pocket PC Connection Wizard
"Professor Wilde" = Professor Wilde
"Puzzle Master 2 Special Edition" = Puzzle Master 2 Special Edition
"Rapport_msi" = Rapport
"Rapture's King Sol" = Rapture's King Sol
"Rapture's King Sol for PocketPC" = Rapture's King Sol for PocketPC
"Tetris Worlds" = Tetris Worlds
"TomTom HOME" = TomTom HOME
"Windows CE Services" = Microsoft ActiveSync 3.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/12/2010 12:38:17 | Computer Name = KAREN | Source = ESENT | ID = 490
Description = svchost (1464) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 17/12/2010 12:38:17 | Computer Name = KAREN | Source = ESENT | ID = 470
Description = Catalog Database (1464) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 17/12/2010 15:04:19 | Computer Name = KAREN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18999, fault address 0x000ec405.

Error - 18/12/2010 11:00:40 | Computer Name = KAREN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/12/2010 11:00:40 | Computer Name = KAREN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/12/2010 11:00:43 | Computer Name = KAREN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/12/2010 05:14:32 | Computer Name = KAREN | Source = ESENT | ID = 490
Description = svchost (1472) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 22/12/2010 05:14:32 | Computer Name = KAREN | Source = ESENT | ID = 439
Description = Catalog Database (1472) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 22/12/2010 05:14:32 | Computer Name = KAREN | Source = ESENT | ID = 473
Description = Catalog Database (1472) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 24/12/2010 14:15:02 | Computer Name = KAREN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

[ System Events ]
Error - 18/12/2010 04:32:45 | Computer Name = KAREN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/12/2010 04:32:46 | Computer Name = KAREN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/12/2010 04:32:46 | Computer Name = KAREN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/12/2010 04:32:46 | Computer Name = KAREN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 18/12/2010 04:32:47 | Computer Name = KAREN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 22/12/2010 05:50:31 | Computer Name = KAREN | Source = Print | ID = 6161
Description = The document worksheet owned by Ian failed to print on printer EPSON
Stylus DX3800 Series. Data type: NT EMF 1.008. Size of the spool file in bytes:
0. Number of bytes printed: 0. Total number of pages in the document: 0. Number
of pages printed: 0. Client machine: \\KAREN. Win32 error code returned by the
print processor: 259 (0x103).

Error - 22/12/2010 05:51:30 | Computer Name = KAREN | Source = Print | ID = 6161
Description = The document worksheet owned by Ian failed to print on printer EPSON
Stylus DX3800 Series. Data type: NT EMF 1.008. Size of the spool file in bytes:
0. Number of bytes printed: 0. Total number of pages in the document: 0. Number
of pages printed: 0. Client machine: \\KAREN. Win32 error code returned by the
print processor: 259 (0x103).

Error - 23/12/2010 04:35:17 | Computer Name = KAREN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 23/12/2010 04:35:17 | Computer Name = KAREN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 26/12/2010 06:44:16 | Computer Name = KAREN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

ken545
2011-01-01, 11:35
Happy New Year


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

Ian101
2011-01-02, 11:48
Morning Ken ... have run the mod and the report it produced is copied below (looks like it cleared a lot of stuff from temp files?)

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andy
->Temp folder emptied: 232621183 bytes
->Temporary Internet Files folder emptied: 59719512 bytes
->Java cache emptied: 1975108 bytes
->Apple Safari cache emptied: 6567936 bytes
->Flash cache emptied: 504470 bytes

User: Andy B
->Temp folder emptied: 525613 bytes
->Temporary Internet Files folder emptied: 46431925 bytes
->Java cache emptied: 25802300 bytes
->Flash cache emptied: 492319 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 83 bytes

User: Ian
->Temp folder emptied: 16085304 bytes
->Temporary Internet Files folder emptied: 45973252 bytes
->Java cache emptied: 62252503 bytes
->Flash cache emptied: 310757 bytes

User: Karen Burrows
->Temp folder emptied: 308495552 bytes
->Temporary Internet Files folder emptied: 71097224 bytes
->Java cache emptied: 52628803 bytes
->Apple Safari cache emptied: 1213440 bytes
->Flash cache emptied: 15169 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 13051560 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 491106 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 142449 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1753833 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91255770 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 243949503 bytes

Total Files Cleaned = 1,227.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.0 log created on 01022011_103047

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\Temporary Internet Files\Content.IE5\GRYJ8UG8\26q%3Dvehicle%2Brental%2Binspection%2Bsheets%26meta%3D&title=Breakdown%20Cover%20%3A%20Breakdown%20recovery%20services%20-%20The%20AA&cd=32&ah=738&aw=1024&sh=768&sw=1024&pd=undefined not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\Temporary Internet Files\Content.IE5\GRYJ8UG8\adlink%7C82%7C80146%7C0%7C168%7CAdId%3D1014158%3BBnId%3D2%3Bitime%3D124875867%3Bkey%3Dtimesonline%5Fgeneral%3Bkwlp3%3Dtimesonline%5Fgeneral%3Blink%3D;ord=124875867[1] not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\Temporary Internet Files\Content.IE5\BKBMCNT2\cosworth_Cars_W0QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfromZR10QQfrtsZ50QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1QQga10244Z10425QQsacatZ9801QQsaprchiZQQsaprcl[1].htm not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\Temporary Internet Files\Content.IE5\BKBMCNT2\yaris_Toyota_W0QQa38ZQ2d24QQa39ZQ2d24QQa6ZQ2d24QQa85ZQ2d24QQalistZa39Q2ca41Q2ca6Q2ca85Q2ca38Q2ca3801QQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfgtpZQQfpo[1].htm not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF69DC.tmp not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF69EC.tmp not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF6A6E.tmp not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF6A7E.tmp not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF6AB7.tmp not found!
File\Folder C:\Documents and Settings\Ian\Local Settings\Temp\~DF6AC7.tmp not found!
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\6KR54Q5P\showthread[1].htm moved successfully.
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Will run a new OTL scan now and copy it as well.

Ian101
2011-01-02, 11:53
OTL logfile created on: 02/01/2011 10:49:12 - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Ian\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.29 Gb Total Space | 144.22 Gb Free Space | 79.99% Space Free | Partition Type: NTFS

Computer Name: KAREN | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
PRC - c:\APPS\HIDSERVICE\HidService.exe ()
PRC - C:\WINDOWS\system32\slserv.exe ( )
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (GenericHidService) -- c:\APPS\HIDSERVICE\HidService.exe ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )
SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Vireo Software)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys ( )
DRV - (UPATC) -- C:\WINDOWS\system32\drivers\upatc.sys (SCM Microsystems Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60204

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.metoffice.gov.uk/weather/uk/uk_forecast_weather.html
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/01/02 10:34:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Ian\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Ian\Desktop\WH GBP Casino.lnk File not found
O9 - Extra 'Tools' menuitem : WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Ian\Desktop\WH GBP Casino.lnk File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\awtroMEt: DllName - awtroMEt.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqPhHBS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9c6a633a-cfee-11dc-baf6-0016e3c5b08b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/02 10:30:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/26 10:52:19 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe
[2010/12/26 10:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\Scans Logs
[2010/12/26 10:20:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/26 10:20:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/26 10:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/18 08:28:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/18 08:28:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/18 08:28:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\pumppics
[2010/12/15 18:51:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 18:46:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/06 16:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/06 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/06 16:43:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt-setup.exe
[2010/12/04 12:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\bikepics
[2005/08/29 11:11:24 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[1979/12/31 23:00:00 | 001,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1979/12/31 23:00:00 | 000,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1979/12/31 23:00:00 | 000,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1979/12/31 23:00:00 | 000,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1979/12/31 23:00:00 | 000,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

========== Files - Modified Within 30 Days ==========

[2011/01/02 10:46:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\prvlcl.dat
[2011/01/02 10:40:57 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/02 10:40:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/02 10:40:11 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/02 10:34:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/02 10:13:55 | 069,624,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/01/01 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/01 17:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/01/01 17:55:01 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Budget.xls
[2011/01/01 17:55:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/01 11:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/01/01 07:54:49 | 000,641,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/12/28 11:24:03 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Static Project.xls
[2010/12/26 10:52:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe
[2010/12/26 10:20:12 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/26 10:05:59 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Business Plan.lnk
[2010/12/26 10:05:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Internet Explorer.lnk
[2010/12/23 15:02:17 | 000,035,692 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\worksheet.ods
[2010/12/22 23:59:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/12/22 10:33:23 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning CClear.doc
[2010/12/21 10:49:46 | 005,497,856 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\IanHornbyJust3ClicksEbooks(1).xls
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 13:57:48 | 000,029,874 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\DEBTLIST CC.ods
[2010/12/19 08:41:15 | 000,030,201 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\PRE worksheet.ods
[2010/12/18 09:57:43 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning.doc
[2010/12/16 08:24:40 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 07:42:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/07 20:15:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/06 16:45:32 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/06 16:45:20 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk
[2010/12/06 16:43:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt-setup.exe

========== Files Created - No Company Name ==========

[2010/12/27 11:54:21 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Static Project.xls
[2010/12/26 10:20:12 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/26 10:05:59 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Business Plan.lnk
[2010/12/26 10:05:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Internet Explorer.lnk
[2010/12/22 10:15:38 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning CClear.doc
[2010/12/18 09:57:43 | 000,195,584 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\December Window Cleaning.doc
[2010/12/13 18:13:49 | 000,718,445 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\fittings.JPG
[2010/12/07 16:40:46 | 000,029,874 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\DEBTLIST CC.ods
[2010/12/06 16:45:32 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/06 16:45:20 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk
[2010/02/17 21:52:58 | 000,000,016 | ---- | C] () -- C:\WINDOWS\cstitcher.ini
[2009/04/23 00:28:19 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/23 00:28:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/04/22 22:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\prvlcl.dat
[2008/09/24 16:36:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/26 12:17:22 | 001,158,934 | -HS- | C] () -- C:\WINDOWS\System32\fxacgugw.ini
[2008/05/23 19:15:27 | 001,158,874 | -HS- | C] () -- C:\WINDOWS\System32\kuualbfl.ini
[2008/05/23 19:14:21 | 001,155,146 | -HS- | C] () -- C:\WINDOWS\System32\vskrtyan.ini
[2008/05/22 19:23:50 | 001,229,216 | -HS- | C] () -- C:\WINDOWS\System32\xeraicbu.ini
[2008/05/19 05:35:36 | 000,794,221 | -HS- | C] () -- C:\WINDOWS\System32\bccLknpo.ini
[2008/05/17 11:51:59 | 000,803,678 | -HS- | C] () -- C:\WINDOWS\System32\ayyadfhk.ini
[2008/05/16 17:35:50 | 000,781,730 | -HS- | C] () -- C:\WINDOWS\System32\noVEdMoq.ini
[2008/05/13 20:40:01 | 000,661,650 | -HS- | C] () -- C:\WINDOWS\System32\MnWGNnmp.ini
[2008/05/13 19:43:28 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\sgdvpwwj.ini
[2008/05/13 15:26:30 | 000,395,263 | -HS- | C] () -- C:\WINDOWS\System32\SBHhPqss.ini
[2007/08/15 18:53:17 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2007/03/31 20:13:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/02/22 09:58:49 | 000,001,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/20 23:32:22 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/10/15 19:18:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2006/09/07 21:39:58 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/09 09:23:13 | 000,000,251 | ---- | C] () -- C:\WINDOWS\CAPWIN.INI
[2006/02/25 10:08:36 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\attfd42.dll
[2005/12/27 10:31:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/09/10 15:41:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/10 15:15:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/09/10 15:14:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2005/09/10 14:50:28 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2005/08/29 11:41:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/29 11:26:12 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/08/29 11:17:19 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/29 11:11:24 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/08/29 11:11:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/08/29 11:11:24 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/07 17:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 16:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/23 13:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1979/12/31 23:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1979/12/31 23:00:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E636D62
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:640EA6E8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2907225
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7

< End of report >

ken545
2011-01-02, 12:40
It looks like the crawler toolbar was not removed, but let's not worry about it now; it falls somewhere in the gray area.

Your hosts file was reset, so you should not be getting any redirects any longer. Let me know if you still are.

There are a bunch of strange .ini files on your log from 2008, but sometimes malware writers can alter the file to change a date, just check these two and we can go from there.

You need to enable Windows to show all files and folders, instructions

Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

C:\WINDOWS\System32\fxacgugw.ini
C:\WINDOWS\System32\kuualbfl.ini


If the site is busy you can try this one
http://virusscan.jotti.org/en

Ian101
2011-01-02, 13:19
Antivirus Version Last Update Result
AhnLab-V3 2011.01.02.00 2011.01.01 -
AntiVir 7.11.0.248 2011.01.01 -
Antiy-AVL 2.0.3.7 2011.01.02 -
Avast 4.8.1351.0 2011.01.02 -
Avast5 5.0.677.0 2011.01.02 -
AVG 9.0.0.851 2011.01.02 -
BitDefender 7.2 2011.01.02 -
CAT-QuickHeal 11.00 2011.01.02 -
ClamAV 0.96.4.0 2011.01.01 -
Command 5.2.11.5 2011.01.01 -
Comodo 7270 2011.01.02 -
DrWeb 5.0.2.03300 2011.01.02 -
Emsisoft 5.1.0.1 2011.01.02 -
eSafe 7.0.17.0 2010.12.30 -
eTrust-Vet 36.1.8074 2010.12.31 -
F-Prot 4.6.2.117 2011.01.01 -
F-Secure 9.0.16160.0 2011.01.02 Trojan:INI/Vundo.gen!F
Fortinet 4.2.254.0 2011.01.02 -
GData 21 2011.01.02 -
Ikarus T3.1.1.90.0 2011.01.02 -
Jiangmin 13.0.900 2011.01.02 -
K7AntiVirus 9.75.3406 2010.12.31 -
Kaspersky 7.0.0.125 2011.01.02 -
McAfee 5.400.0.1158 2011.01.02 -
McAfee-GW-Edition 2010.1C 2011.01.01 -
Microsoft 1.6402 2011.01.02 -
NOD32 5752 2011.01.01 Win32/Adware.Virtumonde.NEO
Norman 6.06.12 2011.01.01 -
nProtect 2011-01-02.01 2011.01.02 -
Panda 10.0.2.7 2011.01.02 -
PCTools 7.0.3.5 2011.01.02 -
Prevx 3.0 2011.01.02 -
Rising 22.80.04.04 2010.12.31 -
Sophos 4.60.0 2011.01.02 -
SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
Symantec 20101.3.0.103 2011.01.02 -
TheHacker 6.7.0.1.109 2010.12.30 -
TrendMicro 9.120.0.1004 2011.01.02 Mal_VundoG
TrendMicro-HouseCall 9.120.0.1004 2011.01.02 Mal_VundoG
VBA32 3.12.14.2 2010.12.30 -
VIPRE 7920 2011.01.02 -
ViRobot 2010.12.31.4232 2011.01.02 -
VirusBuster 13.6.122.0 2011.01.01 -
Additional information
MD5 : 5cf0a3a5645dab8e705bdabd173c6226
SHA1 : 19d5a170ea5e02ac16f04dbf0f260eb0a3725942
SHA256: ae63692fac92f6c6b21ad9019c58689bfe5b2810102cbfeb6ca92209f0cf2841
ssdeep: 12288:YSoPFSVwYMUVU0R9TkSkJckTkfALW//7bF:YSoPFnvSU0R9h
File size : 1158934 bytes
First seen: 2011-01-02 12:16:44
Last seen : 2011-01-02 12:16:44
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Ian101
2011-01-02, 13:22
Antivirus Version Last Update Result
AhnLab-V3 2011.01.02.00 2011.01.01 -
AntiVir 7.11.0.248 2011.01.01 -
Antiy-AVL 2.0.3.7 2011.01.02 -
Avast 4.8.1351.0 2011.01.02 -
Avast5 5.0.677.0 2011.01.02 -
AVG 9.0.0.851 2011.01.02 -
BitDefender 7.2 2011.01.02 -
CAT-QuickHeal 11.00 2011.01.02 -
ClamAV 0.96.4.0 2011.01.01 -
Command 5.2.11.5 2011.01.01 -
Comodo 7270 2011.01.02 -
DrWeb 5.0.2.03300 2011.01.02 -
Emsisoft 5.1.0.1 2011.01.02 -
eSafe 7.0.17.0 2010.12.30 -
eTrust-Vet None 2010.12.31 -
F-Prot 4.6.2.117 2011.01.01 -
F-Secure 9.0.16160.0 2011.01.02 Trojan:INI/Vundo.gen!F
Fortinet 4.2.254.0 2011.01.02 -
GData 21 2011.01.02 -
Ikarus T3.1.1.90.0 2011.01.02 -
Jiangmin 13.0.900 2011.01.02 -
K7AntiVirus 9.75.3406 2010.12.31 -
Kaspersky 7.0.0.125 2011.01.02 -
McAfee 5.400.0.1158 2011.01.02 -
McAfee-GW-Edition 2010.1C 2011.01.01 -
Microsoft 1.6402 2011.01.02 -
NOD32 5752 2011.01.01 Win32/Adware.Virtumonde.NEO
Norman 6.06.12 2011.01.01 -
nProtect 2011-01-02.01 2011.01.02 -
Panda 10.0.2.7 2011.01.02 -
PCTools 7.0.3.5 2011.01.02 -
Prevx 3.0 2011.01.02 -
Rising 22.80.04.04 2010.12.31 -
Sophos 4.60.0 2011.01.02 -
SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
Symantec 20101.3.0.103 2011.01.02 -
TheHacker 6.7.0.1.109 2010.12.30 -
TrendMicro 9.120.0.1004 2011.01.02 Mal_VundoG
TrendMicro-HouseCall 9.120.0.1004 2011.01.02 Mal_VundoG
VBA32 3.12.14.2 2010.12.30 -
VIPRE 7920 2011.01.02 -
ViRobot 2010.12.31.4232 2011.01.02 -
VirusBuster 13.6.122.0 2011.01.01 -
Additional information
MD5 : 0006c966f24039d668b456f823ebe9e4
SHA1 : 65a65f038edf98bca337619828fe7ac6911268db
SHA256: 6c16e04894ceae43526f491f21cc87858938489afc2281211191efb0181e080b
ssdeep: 12288:BSoPFSVwYMUVU0R9TkSkJckTkfALW//7bm:BSoPFnvSU0R9i
File size : 1158874 bytes
First seen: 2011-01-02 12:20:29
Last seen : 2011-01-02 12:20:29
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Ian101
2011-01-02, 13:23
Hi Ken .... done those 2 files and result attached.

And like magic no more redirects !!!!!!!!!!!!!! very happy thank you !!!!!!:laugh:

ken545
2011-01-02, 14:40
Great, these are just ini files and looks like they are leftover from an earlier infection.

What I would like you to do is to just delete them and leave them in the Recycle bin, after a few reboots if no problems then you can empty the RB.

Make sure Windows is still enabled to show all files and folders

C:\WINDOWS\System32\fxacgugw.ini
C:\WINDOWS\System32\kuualbfl.ini
C:\WINDOWS\System32\vskrtyan.ini
C:\WINDOWS\System32\xeraicbu.ini
C:\WINDOWS\System32\bccLknpo.ini
C:\WINDOWS\System32\ayyadfhk.ini
C:\WINDOWS\System32\noVEdMoq.ini
C:\WINDOWS\System32\MnWGNnmp.ini
C:\WINDOWS\System32\sgdvpwwj.ini
C:\WINDOWS\System32\SBHhPqss.ini
C:\WINDOWS\System32\bcmwlhom.ini
C:\WINDOWS\System32\YCRWin32.dll

Ian101
2011-01-03, 18:37
Hi Ken .... ok deleted all them ini files and the one dll

Anything else I need to do ?

Thanks for all u have done so far !!

ken545
2011-01-03, 18:50
Let's just sweep for leftovers.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Ian101
2011-01-04, 01:11
Hi Ken below is the report from Malwarebytes

Unfortunately computer kept hanging when tried to download ESET ??


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5449

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/01/2011 19:09:16
mbam-log-2011-01-03 (19-09-16).txt

Scan type: Quick scan
Objects scanned: 177370
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-01-04, 01:26
I think you're good to go.

Open OTL and click on Cleanup and it will remove the programs we used to clean your system along with their backups.




How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

Ian101
2011-01-05, 09:50
Ken ..... THANKYOU !!!!!! computer all ok and not redirecting ... you have saved me buying a new computer as was getting to the point of giving up :thanks:

ken545
2011-01-05, 10:24
You're very welcome Ian

Take care,
Ken :)

ken545
2011-01-07, 20:49
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.