Computer infected



andye
2011-02-18, 15:41
Hi, my son woke me this morning with the cry of `the computer has a funny screen`
It appears to have been infected with something as it displays a blue background with small font binary code all over the screen. There is a large font red message saying `Warning! your`re in danger! your computer is infected with spyware!` followed by a whole load of writing about how nasty these things can be.
There is also a pop-up relating to System Tool which appears to be a program to fix my pc if I pay the registration fee.

I have AVG 2011 as my registered anti-virus software and also have spybot loaded which I run occasionally.

I tried booting in safe mode and doing a virus scan and ran spybot, which I hoped would clean things up. However I still get the original problem and when booted normally my pc will not allow me to run any program. If I try to open spybot I get a pop-up saying that the spybot.exe program is infected and the System Tool protect your pc screen pops up.

I tried to run DDS but the same thing happens, I get a pop-up saying that DDS.exe is infected.

Can you please help me with this as it is way beyond my capabilities.

Regards

Andy

redcar92
2011-02-19, 04:38
Hello and welcome to Safer Networking.
I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
Read the entire procedure.
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Malware removal can be stressful but we will clean it.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Thanks,
Bill

andye
2011-02-19, 13:24
Hi Bill,

Glad to have you onboard. It looks as though I am going to be sent over to Toulouse in France for a week from Tuesday 22nd Feb until about Tuesday 1st March. I may therefore be unable to follow your instructions during that time, but I will keep in touch as I will still be monitoring my home e-mail from my laptop while I'm away.

Regards

Andy

redcar92
2011-02-19, 21:21
Greetings andye,
Can you rename DDS.exe to DDS.com and try running it.
If that doesn't work, can you boot to Safe Mode, run DDS, save the log, then boot normally to post the log?

Thanks,
Bill

andye
2011-02-20, 12:32
Hi Bill, here is the DDS Log as requested for the infected computer. Please note that I can't get the infected computer online as it will not run any program that I try to start so I am using a floppy to transfer files to an old laptop for posting here.


DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Administrator at 11:24:17.81 on 20/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.3178 [GMT 0:00]

AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
A:\dds.com

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Apps-O-Rama Toolbar: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - c:\program files\apps-o-rama\tbApps.dll
BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - f:\program files\reget software\reget deluxe\IEBar.dll
TB: Apps-O-Rama Toolbar: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - c:\program files\apps-o-rama\tbApps.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG_TRAY] f:\program files\avg\avg10\avgtray.exe
mRun: [EPSON Stylus Photo RX640 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [zBrowser Launcher] f:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] f:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SAITEKAUTOCONFIGURE] f:\program files\saitek\saitek gaming extensions\saicnfig.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [TkBellExe] "f:\program files\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - f:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\WhlLSP.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287938974218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
mASetup: {QKR8I81X-XGC8-7JRM-WJCS-A7G01L841FW3} - c:\windows\system32\install\svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
S2 avgfws;AVG Firewall;f:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;f:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;f:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;f:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-24 517448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

=============== Created Last 30 ================

2011-02-20 11:10:29 -------- d--h--w- c:\windows\PIF
2011-02-18 10:45:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-18 10:45:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-18 00:09:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\gKbJpJi01805
2011-02-17 19:23:20 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-03 17:38:58 -------- d-----w- c:\program files\MSECache
2011-01-30 14:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-22 22:57:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\gPaEc01817
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 11:25:16.14 ===============


Regards

Andy
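
A triage check for autostart lines like those in the DDS log above, added here as an example; it is not part of the thread and not part of DDS. It flags for review any registry class ID that is not a valid hexadecimal GUID and any core Windows process name loaded from outside its expected directory. The rule names, the list of watched binaries and the function names are assumptions of this example; the sample lines are copied from the posted log.

```python
import ntpath
import re
from typing import List, NamedTuple

# A registry CLSID is a GUID: 8-4-4-4-12 hexadecimal digits.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)
BRACED_RE = re.compile(r"\{([^{}]+)\}")
# Drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|]+?\.(?:exe|dll|com|scr|sys)\b', re.I)

# Assumption of this example: a short watch list of Windows XP system
# binaries and the only directory (drive letter removed) they should run from.
EXPECTED_DIR = {
    "svchost.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# Lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
mASetup: {QKR8I81X-XGC8-7JRM-WJCS-A7G01L841FW3} - c:\windows\system32\install\svchost.exe
"""


class Finding(NamedTuple):
    rule: str    # which check fired
    detail: str  # the offending token or path
    line: str    # the full log line, for the analyst


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a closer manual look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Rule 1: anything in braces should be a well-formed hex GUID.
        for token in BRACED_RE.findall(line):
            if not GUID_RE.match(token):
                findings.append(Finding("non-hex-clsid", token, line))

        # Rule 2: a watched system binary name in an unexpected folder.
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path.lower())
            expected = EXPECTED_DIR.get(name)
            if expected and ntpath.splitdrive(folder)[1] != expected:
                findings.append(
                    Finding("system-binary-outside-expected-dir", path, line)
                )
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

A hit from either rule is a prompt for manual review of that entry, not a verdict on its own.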

redcar92
2011-02-22, 04:38
Hello andye,

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Next
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/mbam/mbam-setup.exe).

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Thanks
Bill

redcar92
2011-02-25, 02:01
Keep alive post.

redcar92
2011-03-01, 05:26
Keep alive post

andye
2011-03-02, 19:28
Hi Bill,

Thank you for your patience, I have just got back from a business trip overseas and have tried doing as instructed with the following results:

The ERUNT bit appears to work ok.

I also note that at this time, when I booted up the computer everything appears to be normal. My AVG now operates as normal as does everything else; it appears that the computer has no longer got the reported problem, although I have done nothing to fix it, it has just not been turned on for about 8 days!

When I click the link to the Malwarebytes Anti-Malware software I end up with an icon labelled ARO2011_bt which is not as stated in your post mbam-setup.exe. Is this correct?

Regards

Andy

redcar92
2011-03-04, 04:48
Hello andye, Welcome back and hope you had a pleasant trip.
:confused:
Try downloading MalwareBytes from here: http://malwarebytes.org/ . Click on the Blue Free version. Then run and post results as requested before.

Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-04, 13:03
Hi Bill, the trip was pretty good thanks.

I have downloaded and run MalwareBytes as asked, it worked perfectly from that link. Here is the resulting report as requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5950

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/03/2011 11:47:36
mbam-log-2011-03-04 (11-47-36).txt

Scan type: Quick scan
Objects scanned: 163672
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Andy\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


Regards

Andy

redcar92
2011-03-05, 02:12
Greetings andye,

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

redcar92
2011-03-08, 05:29
Hello andye,
Do you still need assistance?
Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-08, 18:06
Hi Bill, I very much appreciate your assistance and patience. Sorry for not getting back sooner but I had to go on a little mission to rescue a broken aeroplane. That's what I do as a job and it gets in the way of things quite often due to the very short notice with which I am often required to fly to far flung places where our planes end up when things go wrong.

I have done the OTL scans and here are the results:

OTL logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - F:\Program Files\ReGet Software\ReGet Deluxe\ReGetDx.exe (ReGet Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 6F 76 71 04 D9 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/18 00:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 16:46:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:46:41 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:33:45 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/08 16:15:33 | 004,924,323 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/08 16:15:28 | 000,114,100 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/08 15:32:12 | 108,043,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/06 01:09:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/05 22:33:18 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 22:32:14 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/04 11:28:45 | 000,647,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:36:13 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/24 15:40:55 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2010/10/24 15:40:55 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2010/10/24 15:40:55 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2010/10/24 15:40:55 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2010/10/24 15:40:55 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/24 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/23 14:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 16:02:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/02 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/01/23 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gPaEc01817
[2011/01/03 21:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/05 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/24 16:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/03 21:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/08 16:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/25 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/11/16 22:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/21 19:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG
[2010/10/24 16:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG10
[2010/12/02 15:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\EPSON
[2011/03/05 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/01/03 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Nokia
[2011/01/03 21:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\PC Suite
[2011/03/08 16:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\ReGet Software
[2011/03/04 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2010/11/09 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\TSO
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >

andye
2011-03-08, 18:09
And here is the other file:

OTL Extras logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\AVG\AVG10\avgmfapx.exe" = F:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe" = F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:*:Enabled:Zuma -- ()
"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"F:\Program Files\AVG\AVG10\avgdiagex.exe" = F:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgnsx.exe" = F:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgam.exe" = F:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgemcx.exe" = F:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E759E7-7ACF-B383-D701-7B1759DC7FE7}" = Catalyst Control Center Graphics Light
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11B7664A-8D1F-C035-97F5-ADFD7DF6702F}" = CCC Help Russian
"{167E4A06-F407-11D3-95F5-0080AD910D79}" = Saitek Gaming Extensions
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D6AC4CC-800F-BF55-1392-5BB72F4954BF}" = Catalyst Control Center Core Implementation
"{1E3FC888-BF38-FC2F-EF5D-F36D824D7F02}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2BE7E2D0-5A83-8DD2-36C0-FE0835839195}" = CCC Help Swedish
"{2E33FE3D-EBDC-DF7E-FFDD-1C18F66EE519}" = CCC Help Dutch
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3904455A-8B34-B93D-7BA3-C94AE685E5AC}" = Catalyst Control Center HydraVision Full
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6B751AEA-D37F-4246-9CF1-D37B429FDFD3}" = AVG 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{791A0C6A-6D4B-5D52-0D24-A54FEBD46C50}" = Catalyst Control Center Graphics Previews Common
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"{79FDB4DB-9BF6-68B0-0452-7B7CD5AB527E}" = CCC Help Danish
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84247579-2954-53BE-2085-DE7777D94B1D}" = CCC Help Polish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87EADE06-A8B2-7555-395F-C255D32C8852}" = ccc-core-preinstall
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A0E9DE0-F404-1ABC-B0B4-2C746BDABF8A}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCEA09B-7780-EF26-9238-977C85955B36}" = CCC Help English
"{9DA25CA7-605F-699E-D508-9357FCE9CC7C}" = CCC Help Hungarian
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9EE499D3-FCF9-354A-8BB5-CE6E440D7FC6}" = CCC Help Japanese
"{A07A6DA9-9E07-C8E7-C059-CF14945B8E56}" = CCC Help Korean
"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22EEDC4-854E-B9B0-C521-22B1F91269CC}" = CCC Help Finnish
"{A2562A9F-77A7-511D-6971-D9E5AD9F5AAE}" = CCC Help Chinese Standard
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A730D772-7053-4139-D3BB-A60C542A0415}" = ccc-utility
"{A7A12A19-95F8-ACDA-BC8A-3BF502C3EDBA}" = Catalyst Control Center Graphics Full New
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AAE35979-4BB3-430D-A916-F1C13E52491D}" = ATI AVIVO Codecs
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BA46BAAF-E957-6971-442A-3497EF14E1D0}" = CCC Help Thai
"{BC8C9954-78B4-E908-E0B2-E6A76F9D16C1}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C607CC3A-E936-CDD7-5829-D1207AE1943A}" = Skins
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CD886A30-47A2-A46F-DF9A-36C2B7F5CA13}" = CCC Help Greek
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF4732B9-51EA-D757-641D-635FBE2AA31A}" = CCC Help German
"{D176DE67-4A5A-7C87-F756-47E053A3DB6D}" = CCC Help Czech
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D73C1B47-5F0B-45B4-FC0C-13BEA4C92286}" = CCC Help Turkish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DE97C156-A085-3C21-A8C5-B7B7B700CA16}" = ccc-core-static
"{E122AF5F-7A54-FE09-BFAD-9145841CE42B}" = CCC Help Portuguese
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6887417-BCDE-7D66-2D22-071AC86628BB}" = CCC Help French
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBFEDB88-70CA-82ED-ACE5-B7E76DB770C6}" = Catalyst Control Center Localization All
"{EDE9FFF4-8711-C7FE-CB53-CBBE4754030D}" = Catalyst Control Center Graphics Full Existing
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{F8B38325-9477-C4AB-93ED-3B98EFFACE96}" = CCC Help Spanish
"{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Apps-O-Rama Toolbar" = Apps-O-Rama Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX640 User's Guide" = ESPRX640 User's Guide
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"GoodMEM" = GoodMEM
"InfoView" = InfoView
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"i-Speeder" = i-Speeder
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileDB with MobileDB-Excel" = MobileDB with MobileDB-Excel
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Rocket Mania Deluxe 1.01" = Rocket Mania Deluxe 1.01
"SHOWCASE" = Feature Showcase Demo
"SysInfo" = Creative System Information
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"ReGetDx" = ReGet Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2010 18:57:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/12/2010 08:46:05 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/12/2010 17:12:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:47 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:48 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 16:34:00 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/01/2011 13:13:07 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/01/2011 12:46:37 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/01/2011 14:16:15 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/01/2011 10:31:50 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Regards

Andy

redcar92
2011-03-10, 02:39
Hello andye, :bigthumb:
Please open OTL.

Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, click the None button near the top (it may look greyed out)
In the window under Custom Scans/Fixes, copy and paste the following:

c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
c:\documents and settings\all users\application data\gPaEc01817\*.* /s
c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
c:\documents and settings\all users\application data\gPaEc01817\*.* /s

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Thanks
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-10, 19:24
Hi Bill :bigthumb:

Ok I've done that and here is the file:

OTL logfile created on: 10/03/2011 18:21:03 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.41 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< End of report >

Regards

Andy

redcar92
2011-03-11, 05:02
Hello Andy,
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL

:Files
c:\Documents and Settings\All Users\Application Data\gKbJpJi01805
c:\Documents and Settings\All Users\Application Data\gPaEc01817

:Commands



Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

When complete please post how your PC is behaving now.

Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-11, 12:14
Hi Bill,

Ok I've done that and here is the log:

OTL logfile created on: 11/03/2011 10:33:47 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.20 Gb Free Space | 83.15% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 4E FD B1 1C DF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 10:33:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:05 | 004,923,423 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/11 10:32:34 | 000,116,708 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/11 10:32:09 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/11 10:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/11 09:36:07 | 000,647,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/11 09:36:06 | 108,311,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/11 09:33:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/11 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/11 00:23:40 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/10 18:15:52 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/10 11:59:51 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/09 22:23:13 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 22:25:22 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 18:15:52 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/08 22:25:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


While the scan was running it stopped and gave me a pop-up that said:

Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
then 3 option buttons Cancel Try Again Continue

I hit continue and the pop-up remained, I hit continue 4 more times and the scan commenced.

I will let you know a little later today how the computer is operating as I need to pop out for a couple of hours now.

Regards

Andy

redcar92
2011-03-13, 16:01
Hi Andy,
How is your PC behaving now?
Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-13, 23:11
Hi Bill,

The computer appears to be behaving itself and operating ok now thanks. I have not noticed any strange behaviour and all the programs that I usually run appear to be operating ok.

It looks as though you have done a great job and fixed the problem for me.:thanks:

Regards

Andy

redcar92
2011-03-15, 16:47
Hello andye, :bigthumb:
Really looking good now. Time for some clean up.

Your Java appears to be down level.
Navigate to Control Panel then open Programs and Features (Vista / Windows 7), or Add Remove Programs (XP).
Highlight each Java item listed then Remove or Uninstall.
Visit this site (http://www.java.com/en/download/index.jsp) to download and install the latest Java.

Next
To clear the Java Plug-in cache:
Click Start > Control Panel.
Double-click the Java icon in the control panel.
On the General tab, Click Settings under Temporary Internet Files.
On the Temporary Files Settings screen, Click Delete Files.
Check all boxes
Click OK
Reboot the computer.

Next
Your Adobe Reader is also a bit down level.
Please visit this site http://get.adobe.com/reader/ to download and install the latest Adobe.

Run OTL.exe, this will remove old and possibly infected restore points and create a new one.
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL

:Commands
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]



Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


Next
Clean up with OTL: this will remove OTL and DDS.

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

You may remove ERUNT by using Control Panel -> Add Remove programs.
You should keep Malwarebytes, run it periodically making sure to update before scanning. If you wish you may remove Malwarebytes using the same method as ERUNT.

Lastly
Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab.
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.


Change the Download signed ActiveX controls to Prompt.
Change the Download unsigned ActiveX controls to Disable.
Change the Initialise and script ActiveX controls not marked as safe to Disable.
Change the Installation of desktop items to Prompt.
Change the Launching programs and files in an IFRAME to Prompt.
Change the Navigate sub-frames across different domains to Prompt.
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.


Next press the Apply button and then the OK to exit the Internet Properties page.

2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol (http://www.winpatrol.com/). This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial (http://www.winpatrol.com/features.html) to help you get started with the program.

6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware (http://forum.malwareremoval.com/viewtopic.php?t=13)

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)


Again thanks for your patience and hard work, surf safe,
Bill :thanks:
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-17, 23:23
Hi Bill, :confused:

I tried to do the Java and when I click on uninstall I get a message saying 'another installation is already in progress. Complete that installation before proceeding with this install'

I can't seem to uninstall Java.

Also, the windows updater keeps giving me a pop-up saying that 'updating your computer is almost complete. You must restart your computer for the updates to take effect'. I have restarted it several times and each time I get the same message back again.

Regards

Andy

redcar92
2011-03-18, 16:47
Hi Andy, sorry to hear of your problems :sad:
Can you right click on an empty part of the Task Bar (bottom of Desktop with Start on left and clock on the left) then left click on Task Manager. Click on Processes tab then click on Image Name to put processes in alphabetical order.
Then see how many instances of Msiexec.exe are listed and post back with the number please.
Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-18, 18:55
Hi Bill,

Just the one instance of Msiexec.exe running.

Since turning the pc on about 2 hours ago I have not had any pop-ups relating to windows updater either.

Regards

Andy

redcar92
2011-03-18, 18:57
Are you able to get Java straightened out?
Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-18, 19:02
Hi Bill,

I'll just try downloading and installing it again

andye
2011-03-18, 19:11
Hi again Bill,

Ok I just tried installing it and I get a Java setup pop-up saying

Error 1304. Error writing to file C:\Program Files\Java\jre6\zipper.exe. Verify that you have access to that directory.

I have looked at the specified file address and when I open the jre6 file it is empty.

Regards

Andy

redcar92
2011-03-19, 02:23
Hello Andy
Try doing a cold boot, (power off) then power on, make sure there is no java in Add Remove Programs, delete c:\Programs and Files\Java. Then go to java.com and click on downloads, follow on screen instructions. If that doesn't work, please let me know, I have a backup plan also.

Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-19, 13:37
Hi Bill :greeting:

Looks like we are on a roll now, I have done as instructed and have now got Java successfully installed.

I assume you would like me to continue with the instructions you sent me regarding getting things updated and tidied up.

Regards

Andy

redcar92
2011-03-19, 15:44
Yes please, and let me know how it all goes so I can close the thread when you are done and satisfied with the results.
Thanks,
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

andye
2011-03-22, 14:55
Hiya Bill, :bow:

I have done all the mentioned bits, here is the OTL log as requested:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 28755 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Andy
->Temp folder emptied: 135769512 bytes
->Temporary Internet Files folder emptied: 178450854 bytes
->Java cache emptied: 1704279 bytes
->Flash cache emptied: 45581 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2169250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65064024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53102 bytes
RecycleBin emptied: 45138852 bytes

Total Files Cleaned = 410.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03192011_193417

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Andy\Local Settings\Temp\WCESLog.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


IE Settings were already as stated.

Anti-virus up to date and auto updates every 24 hours.

Windows update needed a couple of tweaks for sure.

Not done the Custom Hosts File thing yet.... to be honest I didn't totally understand it and need to go and read it again.....

WinPatrol now in place.

Spybot has been a resident on my system for a long time


I do believe that you have `aced` this one Bill, many thanks to you, you truly are a genius.

Regards

Andy

redcar92
2011-03-22, 16:51
Hello andye,
Disregard the MVPS Host section and do the following, it is easier to understand.
Download the HostsXpert 4.3 - Hosts File Manager (http://www.funkytoad.com/download/HostsXpert.zip).

Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
Click "Make ReadOnly?" in the upper left corner.
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.

Thanks
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)
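
The hosts-file advice in the posts above (a blocking hosts file such as MVPS HOSTS, then resetting the file with HostsXpert) rests on what each hosts entry maps a name to. As an added example, not part of the thread or of any tool named in it, this Python script audits hosts-file text and separates ordinary blocking entries from ones that deserve a manual look. The `PROTECTED_SUFFIXES` watchlist, the verdict names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains a defender never expects to see overridden in hosts.
# Picked from sites this thread relies on; extend for your own tooling.
PROTECTED_SUFFIXES = ("microsoft.com", "java.com", "winpatrol.com", "mvps.org")

# Constructed sample, not taken from the machine discussed in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ads.example.net   # blocklist-style sinkhole entry
127.0.0.1 v4.windowsupdate.microsoft.com
203.0.113.7     www.java.com search.example.org
not-an-ip       broken.example
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.x, ::1, 0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (line_no, host, address, verdict) for every mapping in the text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a host name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, " ".join(fields[1:]), fields[0], "malformed"))
            continue
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            protected = any(host == s or host.endswith("." + s)
                            for s in PROTECTED_SUFFIXES)
            if host == "localhost" and is_sinkhole(addr):
                verdict = "default"
            elif protected:  # update/security site overridden: never expected
                verdict = "protected-blocked" if is_sinkhole(addr) else "protected-redirected"
            elif is_sinkhole(addr):
                verdict = "sinkhole"  # what a blocking hosts file is made of
            else:
                verdict = "redirect"  # name forced to a routable address
            findings.append((line_no, host, str(addr), verdict))
    return findings

def suspicious(findings):
    """Entries worth a manual look before trusting the hosts file."""
    return [f for f in findings if f[3] not in ("default", "sinkhole")]

if __name__ == "__main__":
    for line_no, host, addr, verdict in suspicious(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {host} -> {addr} [{verdict}]")
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`; after a reset to the default file, `suspicious()` should return an empty list.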

andye
2011-03-26, 21:40
Hi Bill,

Thanks for that update, I have downloaded and done as instructed with that Hosts File Manager.

My pc appears to be running ok still.

Many thanks once again for your invaluable assistance with this problem.

Regards

Andy

redcar92
2011-03-26, 22:40
Well done Andy, :bigthumb: :clap:
Thank you again for your patience and hard work. This thread will close in a day or two.

Thanks, :thanks:
Bill
In Training at WTT Classroom (http://forums.whatthetech.com/forums.html)

oldman960
2011-03-27, 20:06
Since this issue appears to be resolved ... this Topic has been closed.