Computer infected

andye

New member
Hi, my son woke me this morning with the cry of 'the computer has a funny screen'.
It appears to have been infected with something as it displays a blue background with small font binary code all over the screen. There is a large font red message saying 'Warning! your're in danger! your computer is infected with spyware!' followed by a whole load of writing about how nasty these things can be.
There is also a pop-up relating to System Tool which appears to be a program to fix my pc if I pay the registration fee.

I have AVG 2011 as my registered anti-virus software and also have spybot loaded which I run occasionally.

I tried booting in safe mode and doing a virus scan and ran spybot, which I hoped would clean things up. However I still get the original problem and when booted normally my pc will not allow me to run any program. If I try to open spybot I get a pop-up saying that the spybot.exe program is infected and the System Tool protect your pc screen pops up.

I tried to run DDS but the same thing happens, I get a pop-up saying that DDS.exe is infected.

Can you please help me with this as it is way beyond my capabilities.

Regards

Andy
 
Hello and welcome to Safer Networking.
I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them,
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.


Thanks,
Bill
 
Hi Bill,

Glad to have you onboard. It looks as though I am going to be sent over to Toulouse in France for a week from Tuesday 22nd Feb until about Tuesday 1st March. I may therefore be unable to follow your instructions during that time, but I will keep in touch as I will still be monitoring my home e-mail from my laptop while I'm away.

Regards

Andy
 
Greetings andye,
Can you rename DDS.exe to DDS.com and try running it.
If it doesn't work, can you boot to Safe Mode, run DDS, save the log, then boot normally to post the log?

Thanks,
Bill
 
DDS Log

Hi Bill, here is the DDS Log as requested for the infected computer. Please note that I can't get the infected computer online as it will not run any program that I try to start so I am using a floppy to transfer files to an old laptop for posting here.


DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Administrator at 11:24:17.81 on 20/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.3178 [GMT 0:00]

AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
A:\dds.com

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Apps-O-Rama Toolbar: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - c:\program files\apps-o-rama\tbApps.dll
BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - f:\program files\reget software\reget deluxe\IEBar.dll
TB: Apps-O-Rama Toolbar: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - c:\program files\apps-o-rama\tbApps.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG_TRAY] f:\program files\avg\avg10\avgtray.exe
mRun: [EPSON Stylus Photo RX640 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAME.EXE /P31 "EPSON Stylus Photo RX640 Series" /O6 "USB001" /M "Stylus Photo RX640"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [zBrowser Launcher] f:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] f:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SAITEKAUTOCONFIGURE] f:\program files\saitek\saitek gaming extensions\saicnfig.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [TkBellExe] "f:\program files\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - f:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\WhlLSP.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287938974218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - f:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
mASetup: {QKR8I81X-XGC8-7JRM-WJCS-A7G01L841FW3} - c:\windows\system32\install\svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
S2 avgfws;AVG Firewall;f:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
S2 AVGIDSAgent;AVGIDSAgent;f:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;f:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;f:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-24 517448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

=============== Created Last 30 ================

2011-02-20 11:10:29 -------- d--h--w- c:\windows\PIF
2011-02-18 10:45:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-18 10:45:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-18 00:09:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\gKbJpJi01805
2011-02-17 19:23:20 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2011-02-03 17:38:58 -------- d-----w- c:\program files\MSECache
2011-01-30 14:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-22 22:57:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\gPaEc01817
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 11:25:16.14 ===============


Regards

Andy
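
As an added illustration (not part of the original thread, and not how DDS or the forum helpers work), the Python below applies three simple triage checks to autorun lines in the DDS format posted above: a registration that points at a missing file, a brace-enclosed key name that is not a well-formed GUID, and a Windows system process name loading from an unexpected folder. The checks, the `EXPECTED_DIR` table and the function names are assumptions made for this example, and a hit means "look closer", not "malicious".

```python
import ntpath
import re

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
mASetup: {QKR8I81X-XGC8-7JRM-WJCS-A7G01L841FW3} - c:\windows\system32\install\svchost.exe
"""

# "Tag: rest of line" entries such as BHO:, mRun:, mASetup:
TAGGED = re.compile(r"^([A-Za-z]+): (.+)$")
# Anything written between braces, to be checked against the GUID shape.
BRACED = re.compile(r"\{([^{}]+)\}")
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# A drive-letter path ending in an executable extension; the lookahead stops
# a folder such as "Ask.com\" from being mistaken for the end of the path.
FILE_PATH = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|com|sys)(?=["\s]|$)', re.I)

# Assumption for this example: Windows is installed in c:\windows, as in the log.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def review_line(line):
    """Return the reasons (possibly none) a DDS autorun line deserves a closer look."""
    match = TAGGED.match(line.strip())
    if not match:
        return []  # process list, headers, blank lines
    rest = match.group(2)
    reasons = []
    if rest.endswith("- No File"):
        reasons.append("registration points at a missing file")
    for ident in BRACED.findall(rest):
        if not GUID.match(ident):
            reasons.append("key name is not a well-formed GUID: {%s}" % ident)
    for path in FILE_PATH.findall(rest):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIR.get(name)
        if expected and folder != expected:
            reasons.append("%s loads from %s, expected %s" % (name, folder, expected))
    return reasons


def triage(log_text):
    """Return (line, reasons) for every line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        reasons = review_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```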
 
Hello andye,

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe


Next
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Thanks
Bill
 
Hi Bill,

Thank you for your patience, I have just got back from a business trip overseas and have tried doing as instructed with the following results:

The ERUNT bit appears to work ok.

I also note that at this time, when I booted up the computer everything appears to be normal. My AVG now operates as normal as does everything else; it appears that the computer has no longer got the reported problem, although I have done nothing to fix it, it has just not been turned on for about 8 days!

When I click the link to the Malwarebytes Anti-Malware software I end up with an icon labelled ARO2011_bt which is not as stated in your post mbam-setup.exe. Is this correct?

Regards

Andy
 
Hi Bill, the trip was pretty good thanks.

I have downloaded and run MalwareBytes as asked, it worked perfectly from that link. Here is the resulting report as requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5950

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/03/2011 11:47:36
mbam-log-2011-03-04 (11-47-36).txt

Scan type: Quick scan
Objects scanned: 163672
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Andy\application data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


Regards

Andy
 
Greetings andye,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Thanks,
Bill
In Training at WTT Classroom
 
Hi Bill, I very much appreciate your assistance and patience. Sorry for not getting back sooner but I had to go on a little mission to rescue a broken aeroplane. That's what I do as a job and it gets in the way of things quite often due to the very short notice with which I am often required to fly to far flung places where our planes end up when things go wrong.

I have done the OTL scans and here are the results:

OTL logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - F:\Program Files\ReGet Software\ReGet Deluxe\ReGetDx.exe (ReGet Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 6F 76 71 04 D9 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/18 00:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 16:46:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:46:41 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/08 16:33:45 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/08 16:15:33 | 004,924,323 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/08 16:15:28 | 000,114,100 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:14:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/08 16:13:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:13:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/08 15:32:12 | 108,043,993 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/06 01:09:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/05 22:33:18 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 22:32:14 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/04 11:28:45 | 000,647,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:36:13 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/24 15:40:55 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2010/10/24 15:40:55 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2010/10/24 15:40:55 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2010/10/24 15:40:55 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2010/10/24 15:40:55 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/24 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/23 14:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 16:02:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/02 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gKbJpJi01805
[2011/01/23 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gPaEc01817
[2011/01/03 21:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/05 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/24 16:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/03 21:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/08 16:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/25 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/11/16 22:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/21 19:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG
[2010/10/24 16:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\AVG10
[2010/12/02 15:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\EPSON
[2011/03/05 15:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/01/03 21:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Nokia
[2011/01/03 21:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\PC Suite
[2011/03/08 16:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\ReGet Software
[2011/03/04 11:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2010/11/09 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\TSO
[2011/03/08 16:14:40 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/08 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >
 
And here is the other file:

OTL Extras logfile created on: 08/03/2011 16:47:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.57 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.43 Gb Free Space | 79.56% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\AVG\AVG10\avgmfapx.exe" = F:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe" = F:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:*:Enabled:Zuma -- ()
"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"F:\Program Files\AVG\AVG10\avgdiagex.exe" = F:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgnsx.exe" = F:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgam.exe" = F:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"F:\Program Files\AVG\AVG10\avgemcx.exe" = F:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05E759E7-7ACF-B383-D701-7B1759DC7FE7}" = Catalyst Control Center Graphics Light
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11B7664A-8D1F-C035-97F5-ADFD7DF6702F}" = CCC Help Russian
"{167E4A06-F407-11D3-95F5-0080AD910D79}" = Saitek Gaming Extensions
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D6AC4CC-800F-BF55-1392-5BB72F4954BF}" = Catalyst Control Center Core Implementation
"{1E3FC888-BF38-FC2F-EF5D-F36D824D7F02}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2BE7E2D0-5A83-8DD2-36C0-FE0835839195}" = CCC Help Swedish
"{2E33FE3D-EBDC-DF7E-FFDD-1C18F66EE519}" = CCC Help Dutch
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3904455A-8B34-B93D-7BA3-C94AE685E5AC}" = Catalyst Control Center HydraVision Full
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6B751AEA-D37F-4246-9CF1-D37B429FDFD3}" = AVG 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{791A0C6A-6D4B-5D52-0D24-A54FEBD46C50}" = Catalyst Control Center Graphics Previews Common
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"{79FDB4DB-9BF6-68B0-0452-7B7CD5AB527E}" = CCC Help Danish
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84247579-2954-53BE-2085-DE7777D94B1D}" = CCC Help Polish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87EADE06-A8B2-7555-395F-C255D32C8852}" = ccc-core-preinstall
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A0E9DE0-F404-1ABC-B0B4-2C746BDABF8A}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCEA09B-7780-EF26-9238-977C85955B36}" = CCC Help English
"{9DA25CA7-605F-699E-D508-9357FCE9CC7C}" = CCC Help Hungarian
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9EE499D3-FCF9-354A-8BB5-CE6E440D7FC6}" = CCC Help Japanese
"{A07A6DA9-9E07-C8E7-C059-CF14945B8E56}" = CCC Help Korean
"{A1B3CBF2-075D-4D1A-9A57-0A4119806B95}" = Road Angel UK
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22EEDC4-854E-B9B0-C521-22B1F91269CC}" = CCC Help Finnish
"{A2562A9F-77A7-511D-6971-D9E5AD9F5AAE}" = CCC Help Chinese Standard
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A730D772-7053-4139-D3BB-A60C542A0415}" = ccc-utility
"{A7A12A19-95F8-ACDA-BC8A-3BF502C3EDBA}" = Catalyst Control Center Graphics Full New
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AAE35979-4BB3-430D-A916-F1C13E52491D}" = ATI AVIVO Codecs
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BA46BAAF-E957-6971-442A-3497EF14E1D0}" = CCC Help Thai
"{BC8C9954-78B4-E908-E0B2-E6A76F9D16C1}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C607CC3A-E936-CDD7-5829-D1207AE1943A}" = Skins
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CD886A30-47A2-A46F-DF9A-36C2B7F5CA13}" = CCC Help Greek
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF4732B9-51EA-D757-641D-635FBE2AA31A}" = CCC Help German
"{D176DE67-4A5A-7C87-F756-47E053A3DB6D}" = CCC Help Czech
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D73C1B47-5F0B-45B4-FC0C-13BEA4C92286}" = CCC Help Turkish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DE97C156-A085-3C21-A8C5-B7B7B700CA16}" = ccc-core-static
"{E122AF5F-7A54-FE09-BFAD-9145841CE42B}" = CCC Help Portuguese
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6887417-BCDE-7D66-2D22-071AC86628BB}" = CCC Help French
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBFEDB88-70CA-82ED-ACE5-B7E76DB770C6}" = Catalyst Control Center Localization All
"{EDE9FFF4-8711-C7FE-CB53-CBBE4754030D}" = Catalyst Control Center Graphics Full Existing
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{F8B38325-9477-C4AB-93ED-3B98EFFACE96}" = CCC Help Spanish
"{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Apps-O-Rama Toolbar" = Apps-O-Rama Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX640 User's Guide" = ESPRX640 User's Guide
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"GoodMEM" = GoodMEM
"InfoView" = InfoView
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = The Official DSA Theory Test for Car Drivers
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"i-Speeder" = i-Speeder
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileDB with MobileDB-Excel" = MobileDB with MobileDB-Excel
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Rocket Mania Deluxe 1.01" = Rocket Mania Deluxe 1.01
"SHOWCASE" = Feature Showcase Demo
"SysInfo" = Creative System Information
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v3.6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"ReGetDx" = ReGet Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/12/2010 18:57:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/12/2010 08:46:05 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/12/2010 17:12:25 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:47 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 15:25:48 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/12/2010 16:34:00 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/01/2011 13:13:07 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/01/2011 12:46:37 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/01/2011 14:16:15 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/01/2011 10:31:50 | Computer Name = ANDY-BASE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Regards

Andy
 
Hello andye, :bigthumb:
Please open OTL.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following

    c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
    c:\documents and settings\all users\application data\gPaEc01817\*.* /s
    c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s
    c:\documents and settings\all users\application data\gPaEc01817\*.* /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Thanks
Bill
In Training at WTT Classroom
 
Hi Bill :bigthumb:

Ok I've done that and here is the file:

OTL logfile created on: 10/03/2011 18:21:03 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.41 Gb Free Space | 83.36% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< c:\documents and settings\all users\application data\gKbJpJi01805\*.* /s >
[2011/02/20 17:06:35 | 000,000,098 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gKbJpJi01805\gKbJpJi01805

< c:\documents and settings\all users\application data\gPaEc01817\*.* /s >
[2011/01/22 22:58:21 | 000,000,094 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\gPaEc01817\gPaEc01817

< End of report >

Regards

Andy
 
Hello Andy,
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL

:Files
c:\Documents and Settings\All Users\Application Data\gKbJpJi01805
c:\Documents and Settings\All Users\Application Data\gPaEc01817

:Commands
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
When complete please post how your PC is behaving now.

Thanks,
Bill
In Training at WTT Classroom
 
Hi Bill,

Ok I've done that and here is the log:

OTL logfile created on: 11/03/2011 10:33:47 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = F:\Music\Reget Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 81.20 Gb Free Space | 83.15% Space Free | Partition Type: NTFS
Drive F: | 833.85 Gb Total Space | 663.29 Gb Free Space | 79.55% Space Free | Partition Type: NTFS

Computer Name: ANDY-BASE | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\tsnp2std.exe (SONIX)
PRC - C:\WINDOWS\vsnp2std.exe (Sonix)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
PRC - F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - F:\Program Files\Logitech\iTouch\KbdTray.exe ()
PRC - C:\Palm\HOTSYNC.EXE (Palm, Inc.)
PRC - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe (Saitek plc)


========== Modules (SafeList) ==========

MOD - F:\Music\Reget Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - F:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )
MOD - F:\Program Files\Saitek\Saitek Gaming Extensions\SaiMon.dll (Saitek plc)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- F:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- F:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- F:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- F:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc. )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 4E FD B1 1C DF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: F:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 10:20:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 11:03:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/18 13:48:31 | 000,429,988 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14803 more lines...
O2 - BHO: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll (ReGet Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Apps-O-Rama Toolbar) - {073fbacd-9ac2-4e44-8b72-e2dad6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ReGet Bar) - {17939A30-18E2-471E-9D3A-56DD725F1215} - F:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll (ReGet Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Apps-O-Rama Toolbar) - {073FBACD-9AC2-4E44-8B72-E2DAD6810509} - C:\Program Files\Apps-O-Rama\prxtbApp0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] F:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EM_EXEC] F:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SAITEKAUTOCONFIGURE] F:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe (Saitek plc)
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Documents and Settings\Andy\My Documents\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1287938974218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://connect1.virgin-atlantic.com/InternalSite/WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.redhotremote.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - F:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/16 15:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell - "" = AutoRun
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c71d360e-f302-11df-9f79-000c768277af}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://go.divx.com/paramount2009/transformers
O33 - MountPoints2\{fe2699ec-df7f-11df-9f45-92ded4a5e0f7}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fe2699ee-df7f-11df-9f45-000c768277af}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - F:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - F:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 15:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/03/05 15:48:55 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2011/03/05 15:48:55 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/03/05 15:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/03/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Juniper Networks
[2011/03/05 15:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Mobile Database & Palm stuff
[2011/03/04 11:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Malwarebytes
[2011/03/04 11:39:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/04 11:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/04 11:39:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/04 11:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/04 11:38:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\AskToolbar
[2011/03/02 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Sammsoft
[2011/03/02 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/03/02 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\ERUNT bakup
[2011/03/02 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\erunt
[2011/03/02 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Desktop\Anti-Malware
[2011/02/20 11:10:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/02/18 10:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/18 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\U3
[2011/02/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/11/15 23:37:33 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2010/11/15 23:37:33 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2010/10/16 16:31:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/10/16 16:31:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/11 10:33:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-562591055-682003330-1004.job
[2011/03/11 10:33:05 | 004,923,423 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20021102}.CDF
[2011/03/11 10:32:34 | 000,116,708 | ---- | M] () -- C:\WINDOWS\System32\CTHELPER.RPT
[2011/03/11 10:32:09 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/03/11 10:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,031,032 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,030,108 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20021102}.rfx
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/11 10:31:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:31:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2011/03/11 10:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/11 09:36:07 | 000,647,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/03/11 09:36:06 | 108,311,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/11 09:33:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/03/11 00:24:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/11 00:23:40 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Andy\default.pls
[2011/03/10 18:15:52 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/10 11:59:51 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/09 22:23:13 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 22:25:22 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:14 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 19:25:53 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/03/04 19:25:52 | 000,000,054 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/04 18:22:09 | 000,000,450 | ---- | M] () -- C:\WINDOWS\MobileDB_PC.ini
[2011/03/04 11:39:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 11:38:21 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup.exe
[2011/03/02 18:08:58 | 000,064,867 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/02/20 11:12:29 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/18 13:48:31 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/18 11:58:33 | 000,429,988 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110218-134831.backup
[2011/02/18 10:46:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/12 17:25:27 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/12 17:25:27 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/11 16:58:06 | 000,182,127 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2011/02/11 12:15:18 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 09:17:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/11 09:12:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/09 14:11:46 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/10 18:15:52 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to OTL.lnk
[2011/03/08 22:25:22 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Shortcut to 9766897277-1.lnk
[2011/03/05 15:54:12 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\,DanaInfo=myvirginapps+launch.ica
[2011/03/04 11:39:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/02 18:08:58 | 000,064,867 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\download.php
[2011/03/02 16:51:43 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/18 14:20:05 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/18 10:46:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/18 10:46:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Spybot - Search & Destroy.lnk
[2011/02/11 16:58:04 | 000,182,127 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\TS010338063.dotm
[2010/12/12 12:30:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/12/03 15:52:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/11/18 23:10:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/16 22:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\SQLite3.dll
[2010/11/16 15:43:48 | 000,000,450 | ---- | C] () -- C:\WINDOWS\MobileDB_PC.ini
[2010/11/16 15:12:35 | 000,000,533 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/15 23:37:35 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2010/11/15 23:37:34 | 012,039,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2010/11/15 23:37:34 | 000,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2010/11/13 10:48:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/30 14:25:02 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/30 14:25:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/30 13:40:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/29 23:04:26 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 19:29:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/25 20:03:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2010/10/25 19:20:50 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/10/25 19:20:50 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/10/25 18:59:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/25 18:59:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/25 18:59:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/25 18:59:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/25 18:59:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/25 18:59:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/25 18:59:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/25 18:59:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/25 18:59:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/25 18:59:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/25 18:59:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/25 18:59:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/25 18:59:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/25 18:59:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/25 18:59:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/25 18:59:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/25 18:59:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/25 18:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX640E.ini
[2010/10/16 16:49:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/16 16:48:43 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:36:39 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
[2010/10/16 16:32:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/10/16 16:32:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/10/16 16:32:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/10/16 16:31:43 | 000,043,080 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010/10/16 16:31:43 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/10/16 16:31:27 | 000,228,510 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010/10/16 16:31:26 | 000,256,927 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010/10/16 16:31:26 | 000,222,293 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/10/16 16:31:25 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010/10/16 16:31:25 | 000,111,996 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010/10/16 16:31:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/10/16 16:31:24 | 000,054,190 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/10/16 16:31:21 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/10/16 16:31:21 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/10/16 16:31:15 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/10/16 16:31:15 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/10/16 16:31:03 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010/10/16 16:30:35 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/10/16 16:29:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/10/16 16:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/16 16:05:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/16 16:05:31 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/16 16:05:31 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/16 16:05:31 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/16 16:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 15:56:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/18 17:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/12/14 12:06:06 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


While the scan was running it stopped and gave me a pop-up that said:

Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
then 3 option buttons Cancel Try Again Continue

I hit Continue and the pop-up remained; I hit Continue 4 more times and the scan commenced.

I will let you know a little later today how the computer is operating as I need to pop out for a couple of hours now.

Regards

Andy
 