infection by Trojan.1C8D1A13 and Crypt.AQLW

Status
Not open for further replies.
M

MisterO

New member
Hello

I'm hoping someone can help me with this.

My AVG scanner is repeatedly picking up Malware called

IDP.Trojan.1C8D1A13

and

Crypt.AQLW

AVG isolates the threat but it resurfaces repeatedly, affecting a different DLL file each time.
(The only way I have found to stop it reappearing is to disconnect my computer from the internet)

I've attached a zip of my DDS log as well as a screencap of my Virus Vault as it looks now.

And as per your forum guidelines my DDS log appears below.
Thanks in advance

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by DYLAN at 23:20:49 on 2012-04-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT 1:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\gtwatch.exe
C:\WINDOWS\Gtwatch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\WINDOWS\TEMP\wbkbkq\setup.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: {C7D72214-B740-408B-AB04-D1B815C9F07B} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [kdx] c:\program files\KHost.exe -all
uRun: [Google Update] "c:\documents and settings\dylan\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Gtwatch] c:\windows\gtwatch.exe
mRun: [<NO NAME>] c:\windows\Gtwatch.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dylan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dylan\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\dylan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\windows\twain_32\l3u16\WATCH.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnoOIaW
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dylan\application data\mozilla\firefox\profiles\8iblg8pq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c69c29c&v=7.008.031.001&i=26&tp=ab&iy=&ychte=uk&lng=en-US&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\dylan\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\dylan\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\dylan\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys [2006-5-17 18120]
S2 AMService;AMService;c:\windows\temp\wbkbkq\setup.exe run --> c:\windows\temp\wbkbkq\setup.exe run [?]
S2 ccproxy;NETw5x32;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-16 167264]
.
=============== Created Last 30 ================
.
2012-04-02 19:42:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-18 12:27:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 12:27:18 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-13 18:15:13 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-02-13 18:15:04 104 --sh--r- c:\windows\system32\442EBD0BFC.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 23:22:39.85 ===============
 
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

  • Go to start>control panel>folder options>view
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
  • Close the window with OK

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

If you have chosen to clean your system, please post the logs made by ckscanner and ComboFix. :)
 
Thanks for offering to help

The first snag I've hit is in attempting to run CKScanner.

When I right click on CKScanner an select 'run as...' I am offered 2 accounts to run from.

Current user (my name)
which is already checked and I unchecked

and

Administrator

which I check then hit ok. But I then receive this error message:

'Unable to log on. Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.'

I have no password setup for any of the accounts on the infected machine. What should my next step be?
 
Hi MisterO,

Go ahead and attempt to run ComboFix.

Since this is the ZeroAccess infection we may need to make several attempts to break through this thing because it infects every computer differently and we may need to use several tools.
 
Thanks

I will download and run comboFix as soon as I am back in front of the infected computer. When I do so, will I first need to disable or uninstall Spybot and AVG?
 
Hi MisterO,

Just be sure to disable both of them while we are running the scans and fixes. You should not need to uninstall either of them. :) If you are given a warning by ComboFix that they are still active continue with the scan. It should not cause a problem.
 
A related side-question (And please feel free to stop me if my questions are becoming too numerous or superfluous.)

I've been downloading the applications required by this forum onto an uninfected Mac then transferring them to the infected PC via USB stick.
Is there a danger that this particular malware could 'piggyback' on this USB stick from the PC to the MAC? (And subsequently, back on to the to the PC)
 
Hi,

Great question and if you have any at all feel free to ask. :)

I don't believe that we will have a problem like that but let's do this prior to be on the safe side.

Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

If you have any problems let me know and also don't forget to post the ComboFix log when finished.
 
I am currently running comobofix as per instructions.

It has completed stage 50

It seems to be hanging at the deleting of folders stage. specifically after
C:\WINDOWS\system32\Cache

I thought it was rebooting again earlier but it seems to have just been the screen going to sleep.
Explorer (Start bar, desktop icons etc) seems to have crashed as I'm only seeing the wallpaper and the combofix window.
Opening Task Manager with Ctrl Alt Delete tells me that Combofix is running. But looking at it's process ID I see that it is using 00 CPU (2,232 K mem usage)

And although I can't access it at the moment, it's likely that AVG has reactivated itself in the background at the end of the fifteen minutes disabling window

I'm thinking I should restart my computer and try to run Combofix again?
 
Hi MisterO,

Let's go about this another way...

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In Custom Scans put the following:
    netsvcs
    /md5start
    consrv.dll
    /md5stop
    createrestorepoint
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Thanks

I have run OTL

Here are the contents of the OTL.txt log
(With the Extras.txt to follow in my next post)

OTL logfile created on: 04/04/2012 23:14:28 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\DYLAN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 682.42 Mb Available Physical Memory | 66.77% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.10 Gb Total Space | 15.38 Gb Free Space | 6.74% Space Free | Partition Type: NTFS

Computer Name: DJMYC22J | User Name: DYLAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DYLAN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
PRC - C:\WINDOWS\Gtwatch.exe ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG Secure Search\iGearedHelper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\hcwXDS.dll ()
MOD - C:\WINDOWS\system32\wstpager.ax ()
MOD - C:\WINDOWS\system32\VBICodec.ax ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\Gtwatch.exe ()
MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (w800mdfl) -- %systemroot%\system32\edspport.dll File not found
SRV - (tosporte) -- %systemroot%\system32\Sk99202k.dll File not found
SRV - (TcUsb) -- %systemroot%\system32\usbscan.dll File not found
SRV - (s716bus) -- %systemroot%\system32\Alpham1.dll File not found
SRV - (pdscheduler) -- %systemroot%\system32\iviaspi.dll File not found
SRV - (oraclemtsrecoveryservice) -- %systemroot%\system32\se59bus.dll File not found
SRV - (NWDHCP) -- %systemroot%\system32\ICAM5USB.dll File not found
SRV - (MXOFX) -- %systemroot%\system32\AMDPCI.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (FGDSCSI) -- %systemroot%\system32\n558.dll File not found
SRV - (ET5Drv) -- %systemroot%\system32\simbad.dll File not found
SRV - (easdrv) -- %systemroot%\system32\ql10wnt.dll File not found
SRV - (dns4meclient) -- %systemroot%\system32\CTAudSvcService.dll File not found
SRV - (dktknsrv) -- %systemroot%\system32\se45mdfl.dll File not found
SRV - (ccproxy) -- %systemroot%\system32\epsonstatusagent2.dll File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (NxFsMon) -- C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (IAANTMon) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\DYLAN\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys ( )
DRV - (PenClass) -- C:\WINDOWS\system32\drivers\PenClass.sys (Wacom Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4F84B933-42AB-4259-AE76-3FC3E6778E13}&mid=d0329683733b3f5ad65678528df029a7-24827d1ce0f0702a4e430da99e606b9e9fc90817&lang=us&ds=AVG&pr=pa&d=2011-12-10 12:37:18&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c69c29c&v=7.008.031.001&i=26&tp=ab&iy=&ychte=uk&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 10:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/20 23:28:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 19:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 13:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 12:47:09 | 000,000,000 | ---D | M]

[2008/06/21 16:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Extensions
[2012/03/14 13:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Firefox\Profiles\8iblg8pq.default\extensions
[2012/03/14 13:15:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\DYLAN\Application Data\Mozilla\Firefox\Profiles\8iblg8pq.default\extensions\foxmarks@kei.com
[2011/11/10 21:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 14:02:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/18 13:27:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/03/21 02:38:07 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin9.dll
[2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/03/12 19:00:51 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/14 19:18:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 19:18:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\DYLAN\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\CRX_INSTALL\
CHR - Extension: Gmail = C:\Documents and Settings\DYLAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {C7D72214-B740-408B-AB04-D1B815C9F07B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [kdx] C:\Program Files\KHost.exe -all File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
O4 - Startup: C:\Documents and Settings\DYLAN\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\DYLAN\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DYLAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/04/04 20:41:26 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: s716bus - %systemroot%\system32\Alpham1.dll File not found
NetSvcs: ccproxy - %systemroot%\system32\epsonstatusagent2.dll File not found
NetSvcs: FGDSCSI - %systemroot%\system32\n558.dll File not found
NetSvcs: oraclemtsrecoveryservice - %systemroot%\system32\se59bus.dll File not found
NetSvcs: MXOFX - %systemroot%\system32\AMDPCI.dll File not found
NetSvcs: NWDHCP - %systemroot%\system32\ICAM5USB.dll File not found
NetSvcs: tosporte - %systemroot%\system32\Sk99202k.dll File not found
NetSvcs: NxFsMon - C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
NetSvcs: dktknsrv - %systemroot%\system32\se45mdfl.dll File not found
NetSvcs: TcUsb - %systemroot%\system32\usbscan.dll File not found
NetSvcs: w800mdfl - %systemroot%\system32\edspport.dll File not found
NetSvcs: pdscheduler - %systemroot%\system32\iviaspi.dll File not found
NetSvcs: easdrv - %systemroot%\system32\ql10wnt.dll File not found
NetSvcs: dns4meclient - %systemroot%\system32\CTAudSvcService.dll File not found
NetSvcs: ET5Drv - %systemroot%\system32\simbad.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 23:08:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DYLAN\Desktop\OTL.exe
[2012/04/04 21:01:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/04 20:58:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 20:58:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 20:58:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 20:58:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 20:58:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/04 20:57:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 20:41:26 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012/04/04 20:28:04 | 004,455,902 | R--- | C] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\ComboFix.exe
[2012/04/03 23:10:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/03 23:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/03 23:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/03 23:01:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\dds.scr
[2012/04/03 23:01:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\DYLAN\Desktop\erunt-setup.exe
[2012/04/02 20:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/02 20:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/17 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DYLAN\My Documents\usb_stick
[2012/03/12 18:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DYLAN\My Documents\The Space Children Original Motion Picture Soundtrack (FSM Golden Age Classics Vol.14 No.15) (1958) (2011)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\DYLAN\Desktop\[TorrentReactor.to] - Shadowy Men On A Shadowy Planet.torrent
[2012/04/04 23:05:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/04 23:03:49 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/04/04 23:03:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 23:03:28 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 23:03:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DYLAN\Desktop\OTL.exe
[2012/04/04 23:02:55 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2012/04/04 23:02:55 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2012/04/04 23:02:55 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2012/04/04 23:02:55 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2012/04/04 23:02:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/04/04 23:02:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/04/04 23:02:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2012/04/04 23:02:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2012/04/04 21:01:43 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/04/04 20:57:53 | 004,932,819 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF
[2012/04/04 20:31:17 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-611107407-3456149426-1704487010-1005UA.job
[2012/04/04 20:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/04 20:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/04 20:17:00 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\Flash_Disinfector.exe
[2012/04/04 08:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/04 08:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/04 08:03:58 | 004,455,902 | R--- | M] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\ComboFix.exe
[2012/04/04 08:03:02 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\CKScanner.exe
[2012/04/03 23:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/03 23:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/03 23:09:21 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\ERUNT.lnk
[2012/04/03 22:57:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\DYLAN\Desktop\dds.scr
[2012/04/03 22:56:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\DYLAN\Desktop\erunt-setup.exe
[2012/04/03 22:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/03 22:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/03 21:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/03 21:29:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/03 19:35:00 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\DYLAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/03 19:34:59 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\DYLAN\Desktop\Google Chrome.lnk
[2012/04/03 19:31:47 | 093,479,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/03 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/03 19:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/02 20:57:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/01 19:27:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/31 18:59:10 | 000,232,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/31 13:15:17 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\DYLAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/31 13:12:32 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2012/03/31 12:31:04 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-611107407-3456149426-1704487010-1005Core.job
[2012/03/25 14:25:58 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 14:25:58 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 11:52:39 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 21:51:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 15:19:33 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\DYLAN\Desktop\[TorrentReactor.to] - Shadowy Men On A Shadowy Planet.torrent
[2012/04/04 21:01:42 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/04/04 21:01:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/04 20:58:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 20:58:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 20:58:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 20:58:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 20:58:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 20:28:09 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\Flash_Disinfector.exe
[2012/04/04 08:11:07 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\CKScanner.exe
[2012/04/03 23:09:21 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\DYLAN\Desktop\ERUNT.lnk
[2012/04/02 20:57:21 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/04/02 20:57:21 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/04/02 20:57:17 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/04/02 20:57:16 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/04/02 20:57:16 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/04/02 20:57:16 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/09 12:02:53 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/16 16:54:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== LOP Check ==========

[2012/03/12 19:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/08/16 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/04/02 20:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/16 20:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/02/06 01:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 21:05:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/12/14 01:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2012/01/19 19:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/04/04 23:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/08/16 20:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/07 21:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/03/17 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/01/27 02:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/16 23:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/19 20:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/28 20:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/04/26 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\.BitTornado
[2012/01/14 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG Secure Search
[2011/08/16 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG10
[2010/07/18 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\AVG9
[2011/05/15 18:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/04 23:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Dropbox
[2010/06/15 20:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Facebook
[2012/02/05 18:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\foobar2000
[2012/01/22 22:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\HandBrake
[2006/04/01 19:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Leadertech
[2006/05/16 20:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\LimeWire
[2010/07/25 18:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Nokia
[2009/12/15 00:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\OpenOffice.org
[2009/03/19 00:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Panasonic
[2008/02/07 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\PC Suite
[2011/04/13 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Saer
[2006/03/21 01:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DYLAN\Application Data\Template
[2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/04/04 08:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/04/04 08:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/04/02 20:57:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/04/02 20:57:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/04/02 20:57:19 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/04/02 20:57:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/04/02 20:57:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/04/02 20:57:20 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/04/03 19:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/04/03 19:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/04/04 20:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/04/04 20:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/04/03 21:29:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/04/03 21:29:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/04/03 22:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/04/03 22:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/04/03 23:29:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/04/03 23:29:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/04/02 20:57:18 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/04/02 20:57:18 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========

< End of report >
 
And here is the OTL log Extras.Txt

OTL Extras logfile created on: 04/04/2012 23:14:28 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\DYLAN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 682.42 Mb Available Physical Memory | 66.77% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.10 Gb Total Space | 15.38 Gb Free Space | 6.74% Space Free | Partition Type: NTFS

Computer Name: DJMYC22J | User Name: DYLAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\DYLAN\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9DBCAEDF-4853-437F-8B62-9C3B1267E9A4}" = AVG 2011
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitTornado" = BitTornado 0.3.7
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Crush'Em 2.0" = Crush'Em 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"foobar2000" = foobar2000 v1.0.3
"GoogleVideoPlayer" = Google Video Player
"HandBrake" = HandBrake 0.9.5
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puzzl'Em1.0Beta2" = Puzzl'Em 1.0 Beta2
"RealPlayer 6.0" = RealPlayer
"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Tablet Driver" = Tablet
"TaxCalc 2006" = TaxCalc 2006
"TaxCalc 2007" = TaxCalc 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Works99Setup" = Microsoft Works Setup Launcher
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/04/2012 15:56:25 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:28 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:28 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:31 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:34 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:36 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 15:56:38 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 18:05:08 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 18:05:15 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 04/04/2012 18:05:22 | Computer Name = DJMYC22J | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

[ System Events ]
Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The VIAPFD service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The USRpdA service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The Mpfp service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The Symwsc service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The SQTECH9080 service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The DevUpper service terminated with the following error: %%126

Error - 04/04/2012 14:58:48 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The Keymaestro service terminated with the following error: %%126

Error - 04/04/2012 15:00:15 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 04/04/2012 15:00:17 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 04/04/2012 15:12:12 | Computer Name = DJMYC22J | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
 
Hi,

Ok...now I can see the infection. This may take several passes to remove.
---------

I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis

To submit a file to virustotal, please click VirusTotal

copy and paste the following into the upload a file box (one at a time if more than one file is listed)

C:\WINDOWS\System32\drivers\AFS2K.SYS

scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------
 
Thanks for all this work you are putting in to my problem

Unfortunately I will now have to be away from the infected PC for a few days.

Until Tuesday, April 10.

In that time no one else will be accessing the computer.
Is it possible to keep this thread open and active until Tuesday night?
 
Thanks for your patience jeffce.

Here I am back in the saddle.

I have clicked the link to Virustotal (The GUI is a little different to how described 'scan it' rather than 'send it.' But no matter.)

When I submitted AFS2K.SYS it gave me the following answer:


This file was already analysed by VirusTotal on 2012-04-10 19:50:27.

Detection ratio: 0/42

You can take a look at the last analysis or analyse it again now.

(I thought this was rather odd as my computer certainly wasn't switched on at that date and time. But of course, I guess it's just analysing the file itself and not where it came from.)

I analysed the file again and received the following results:

SHA256: ec87828dbd4e11079c1e7296eec568917a7b4052aa3effa402dd5faa7e45741d
File name: AFS2K.SYS
Detection ratio: 0 / 42
Analysis date: 2012-04-10 23:45:56 UTC ( 1 minute ago )
0
0
Antivirus Result Update
AhnLab-V3 - 20120410
AntiVir - 20120410
Antiy-AVL - 20120410
Avast - 20120410
AVG - 20120411
BitDefender - 20120411
ByteHero - 20120410
CAT-QuickHeal - 20120410
ClamAV - 20120411
Commtouch - 20120410
Comodo - 20120410
DrWeb - 20120411
Emsisoft - 20120410
eSafe - 20120408
eTrust-Vet - 20120410
F-Prot - 20120410
F-Secure - 20120410
Fortinet - 20120411
GData - 20120410
Ikarus - 20120410
Jiangmin - 20120410
K7AntiVirus - 20120410
Kaspersky - 20120410
McAfee - 20120411
McAfee-GW-Edition - 20120410
Microsoft - 20120410
NOD32 - 20120410
Norman - 20120410
nProtect - 20120410
Panda - 20120410
PCTools - 20120411
Rising - 20120410
Sophos - 20120411
SUPERAntiSpyware - 20120402
Symantec - 20120411
TheHacker - 20120410
TrendMicro - 20120411
TrendMicro-HouseCall - 20120411
VBA32 - 20120410
VIPRE - 20120410
ViRobot - 20120410
VirusBuster - 20120410
 
Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :Services

:OTL
SRV - (NxFsMon) -- C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2004/02/20 21:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O2 - BHO: (no name) - {529a0fdb-e15c-4c9e-aa28-1b162cbeb39e} - No CLSID value found.
O2 - BHO: (no name) - {C7D72214-B740-408B-AB04-D1B815C9F07B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
NetSvcs: NxFsMon - C:\WINDOWS\system32\null.dll (Oak Technology Inc.)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
del C:\WINDOWS\tasks\At*.job /c
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
Ok, I've backed up my registry with ERUNT.

just one quick question before I launch OTL:
The infected computer is currently offline. Does the computer need to be connected to the internet before I run the fix?
 
I should add, that I have no problem reconnecting to the internet. I've just been staying offline as much as possible as a precautionary measure.
 
Status
Not open for further replies.
Back
Top