
Help! XP Security 2012 rogue



Hi,

Colleague's PC business machine has XP Antivirus 2012 warnings everywhere!! 2nd guessed what it might be, but it was too late. He does not have Malwarebytes or any malware software currently installed for that matter.

Things have now turned evil. IE gone, Mozilla will not start so no internet connection, cannot install Malwarebytes from USB as it will not run any .exe files. With the obligatory messages every time an app is opened, offering XP Antivirus 2012 @ $70!!

I am fairly PC literate and have used Malwarebytes previously to restore a rogue on my laptop, but it wasn't this evil!!

I removed my USB after installing and attempting to run Malwarebytes on his machine and it had 998 infections. I have attached the log from AVG of the infections.

I really would appreciate your help in this matter!!!

AVG Business file.txt



Hello User :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Download the attached file and save it to your USB

  1. Download OTLPEStd.exe to your
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
    Plug the USB into the infected PC.
  4. Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Open scan.txt and paste the contents into the Custom scans and fixes box
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file and select send to : select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it
  19. You can backup any files that you wish from this OS
  20. Please post the contents of the C:\OTL.txt file in your reply.

scan.txt
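The OTL.txt those steps produce is a line-oriented report, and the O4/O6/O20 autostart entries plus the file listings are what a helper reads first. As an added example (not part of this thread, and not OTL's or Malwarebytes' code), the Python below parses lines in that shape and flags entries whose location, missing company name or non-default UserInit value warrants a closer look; the sample lines are constructed in the shape of the log posted in this thread, and the heuristics are this example's assumptions, not OTL rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a dozen lines in the same shape as OTL's O4/O6/O20 entries
# and its "[date | size | attrs | C] (Company) -- path" file listing, mixing
# clean and suspect cases. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()
O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe ()
O4 - HKU\WASCP_ON_C..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()
O4 - HKU\WASCP_ON_C..\Run: [3955554539] C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe ()
O4 - HKU\WASCP_ON_C..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe (Macromedia, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\aadrive32.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\wojggryf\fuxsquiv.exe) - C:\Program Files\wojggryf\fuxsquiv.exe (Macromedia, Inc.)
[2011/06/23 03:43:12 | 000,154,624 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.5612479034611116.exe
[2011/06/20 02:31:25 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
"""

# One regex per autostart line type; each yields the on-disk path and the company
# string OTL prints in trailing parentheses ("()" when the binary carries none).
AUTORUN_RES = {
    "O4 Run key": re.compile(r"^O4 - \S+\.\.\\Run: \[[^\]]*\] (?P<path>.+?) \((?P<company>[^)]*)\)$"),
    "O4 Startup folder": re.compile(r"^O4 - Startup: (?P<path>.+?) \((?P<company>[^)]*)\)$"),
    "O6 policies Run": re.compile(r"^O6 - .*\\policies\\Explorer\\Run: .+? = (?P<path>.+?) \((?P<company>[^)]*)\)$"),
    "O20 Winlogon UserInit": re.compile(
        r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"),
}
FILE_RE = re.compile(r"^\[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Location heuristics (assumed for this example). A hit is a lead for review, not a
# verdict: rules scoped "autorun" are only applied to autostart entries, because a
# plain file listing of C:\WINDOWS legitimately contains explorer.exe and friends.
LOCATION_RULES = [
    ("lives under a Recycle Bin folder", re.compile(r"\\(RECYCLER|Recycle\.Bin)\\", re.I), "any"),
    ("lives in the user's Application Data",
     re.compile(r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\[^\\]+\.exe$", re.I), "any"),
    ("random decimal name in System32", re.compile(r"\\System32\\0\.\d+\.exe$", re.I), "any"),
    ("runs from the Startup folder", re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I), "any"),
    ("sits directly in the Windows folder", re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe$", re.I), "autorun"),
    ("sits directly in Program Files with no vendor folder", re.compile(r"^[A-Z]:\\Program Files\\[^\\]+\.exe$", re.I), "autorun"),
]
# Stock XP value for Winlogon\Userinit (trailing comma is the normal form).
USERINIT_DEFAULT = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\userinit\.exe,?$", re.I)


@dataclass
class Finding:
    source: str            # which OTL line type produced it
    path: str
    company: str
    reasons: list = field(default_factory=list)


def _location_reasons(path, autorun):
    return [reason for reason, rx, scope in LOCATION_RULES
            if (scope == "any" or autorun) and rx.search(path)]


def triage(log_text):
    """Return one Finding per OTL line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for source, rx in AUTORUN_RES.items():
            m = rx.match(line)
            if not m:
                continue
            reasons = _location_reasons(m["path"], autorun=True)
            if not m["company"].strip():
                reasons.append("no company/version info in the binary")
            if source == "O20 Winlogon UserInit" and not USERINIT_DEFAULT.match(m["value"]):
                reasons.append("UserInit replaced; default is system32\\userinit.exe")
            if reasons:
                findings.append(Finding(source, m["path"], m["company"], reasons))
            break
        else:
            m = FILE_RE.match(line)
            if m:
                reasons = _location_reasons(m["path"], autorun=False)
                if reasons:
                    findings.append(Finding("file listing", m["path"], m["company"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:22} {f.path}\n    " + "; ".join(f.reasons))
```

Run it against a full OTL.txt with `triage(open("OTL.txt").read())`; anything it does not flag still needs the usual eyes-on review, since these rules only encode the locations seen in this thread's log.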


Kindly, next time post the logs and do not attach them; it makes them more difficult to read.

I'll take this time and post your log

OTL logfile created on: 6/30/2011 5:14:30 PM - Run

OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 116.33 Gb Free Space | 78.12% Space Free | Partition Type: NTFS

Drive D: | 1.92 Gb Total Space | 1.83 Gb Free Space | 95.24% Space Free | Partition Type: FAT

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (stllssvr)

SRV - File not found [Disabled] -- -- (AMService)

SRV - [2011/04/18 11:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/18 02:11:02 | 000,947,528 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/03/09 13:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/07 23:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/01 06:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 12:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 12:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 12:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/22 22:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/04/14 15:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/04 18:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 10:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 08:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 02:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 01:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 01:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 00:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/07/11 22:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/07/11 22:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2007/09/24 22:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/07/23 21:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/07/23 10:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 10:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 10:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 10:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 10:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 10:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 10:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 10:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 09:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 09:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/22 22:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=40d6534200000000000000219b5bf814&tlver=1.4.19.19&ss=1&affID=17393

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ITM_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\ITM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\WASCP_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\WASCP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thecollegespartnership.co.uk/content.asp?ContentID=1

IE - HKU\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 02:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 04:24:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 04:24:18 | 000,000,000 | ---D | M]

[2011/06/24 04:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/24 04:23:07 | 000,002,428 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/06/23 05:03:16 | 000,000,000 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)

O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe033.dll (Adobe Systems, Incorporated)

O2 - BHO: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKU\ITM_ON_C\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKU\ITM_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe ()

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\WASCP_ON_C..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ()

O4 - HKU\WASCP_ON_C..\Run: [3955554539] C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe ()

O4 - HKU\WASCP_ON_C..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Macromedia, Inc.)

O4 - HKU\WASCP_ON_C..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

O4 - HKU\WASCP_ON_C..\Run: [Aggmgm] C:\Documents and Settings\WASCP\Application Data\Aggmgm.exe ()

O4 - HKU\WASCP_ON_C..\Run: [installIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)

O4 - Startup: C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe (Macromedia, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\aadrive32.exe ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\ITM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\WASCP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\WASCP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228722288531 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\wojggryf\fuxsquiv.exe) - C:\Program Files\wojggryf\fuxsquiv.exe (Macromedia, Inc.)

O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01}--- | m] (microsoft corporation) - CLSID or File not found.

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/06/29 10:22:26 | 000,000,003 | RHS- | M] () - D:\autorun.inf -- [ FAT ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 09:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\win

[2011/06/24 04:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Local Settings\Application Data\Mozilla

[2011/06/24 04:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Mozilla

[2011/06/24 04:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 04:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/06/24 04:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011/06/24 04:22:16 | 008,613,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 02:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker

[2011/06/23 05:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/23 04:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/06/23 03:43:12 | 000,154,624 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.5612479034611116.exe

[2011/06/23 03:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/06/23 02:51:27 | 000,080,771 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe

[2011/06/22 06:35:35 | 000,080,771 | ---- | C] (Macromedia, Inc.) -- C:\fuxsquiv.exe

[2011/06/22 06:35:33 | 000,080,771 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.3865157269856705.exe

[2011/06/21 07:28:42 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.48579614373963.exe

[2011/06/21 07:18:18 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.03213350702503881.exe

[2011/06/21 07:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm

[2011/06/21 06:56:53 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6866121523880936.exe

[2011/06/21 06:44:45 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6228646857086194.exe

[2011/06/21 06:44:28 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.5748713097343701.exe

[2011/06/21 06:34:15 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6319981528669057.exe

[2011/06/21 06:33:24 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.13923613038199323.exe

[2011/06/21 06:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/21 06:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/06/21 06:23:15 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.8945558422672438.exe

[2011/06/21 06:23:11 | 000,155,648 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.12110000677454358.exe

[2011/06/21 05:17:57 | 000,000,000 | ---D | C] -- C:\svest

[2011/06/20 07:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation

[2011/06/20 02:31:25 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/10 06:43:26 | 000,162,304 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.7625679642262003.exe

[2011/06/10 06:26:45 | 000,162,304 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.39460859046309327.exe

[2011/06/10 06:12:34 | 000,162,304 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6101893325518714.exe

[2011/06/10 05:42:06 | 000,162,304 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6735198360623669.exe

[2011/06/10 02:22:59 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/06/09 08:50:01 | 000,211,920 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe033.dll

[2011/06/08 08:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 08:49:30 | 000,013,258 | -HS- | M] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi

[2011/06/30 08:49:30 | 000,013,258 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi

[2011/06/30 07:09:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/06/30 07:09:41 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/30 07:07:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/30 06:56:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/06/30 06:56:32 | 2101,964,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/30 02:42:55 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/29 09:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2011/06/29 02:58:22 | 000,135,168 | ---- | M] () -- C:\WINDOWS\aadrive32.exe

[2011/06/27 02:19:23 | 000,348,160 | ---- | M] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe

[2011/06/27 02:19:19 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Aggmgm.exe

[2011/06/26 19:52:48 | 000,187,904 | ---- | M] () -- C:\Program Files\hidfind.exe

[2011/06/24 06:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 04:59:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/24 04:24:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 04:24:19 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 04:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 04:22:53 | 008,613,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 03:10:08 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 03:07:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel® Matrix Storage Manager

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 3

[2011/06/24 02:56:49 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/23 05:03:16 | 000,000,000 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/06/23 05:02:24 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/23 04:09:09 | 000,466,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/23 04:09:09 | 000,079,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/23 03:43:13 | 000,154,624 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.5612479034611116.exe

[2011/06/23 03:42:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0.954039394132954.exe

[2011/06/22 06:35:34 | 000,080,771 | ---- | M] (Macromedia, Inc.) -- C:\fuxsquiv.exe

[2011/06/22 06:35:34 | 000,080,771 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe

[2011/06/22 06:35:34 | 000,080,771 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.3865157269856705.exe

[2011/06/22 02:51:22 | 119,422,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/06/21 07:46:17 | 000,002,312 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/06/21 07:28:43 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.48579614373963.exe

[2011/06/21 07:18:19 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.03213350702503881.exe

[2011/06/21 06:56:54 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6866121523880936.exe

[2011/06/21 06:44:46 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6228646857086194.exe

[2011/06/21 06:44:29 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.5748713097343701.exe

[2011/06/21 06:34:17 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6319981528669057.exe

[2011/06/21 06:33:27 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.13923613038199323.exe

[2011/06/21 06:23:18 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.8945558422672438.exe

[2011/06/21 06:23:14 | 000,155,648 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.12110000677454358.exe

[2011/06/21 03:02:58 | 000,655,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/06/20 02:32:02 | 000,122,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/10 06:43:27 | 000,162,304 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.7625679642262003.exe

[2011/06/10 06:26:46 | 000,162,304 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.39460859046309327.exe

[2011/06/10 06:12:35 | 000,162,304 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6101893325518714.exe

[2011/06/10 05:42:08 | 000,162,304 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\0.6735198360623669.exe

[2011/06/09 08:50:01 | 000,211,920 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe033.dll

[2011/06/03 02:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 02:58:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\aadrive32.exe

[2011/06/27 07:57:24 | 000,187,904 | ---- | C] () -- C:\Program Files\hidfind.exe

[2011/06/27 02:19:44 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Aggmgm.exe

[2011/06/27 02:19:23 | 000,348,160 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe

[2011/06/27 02:19:23 | 000,013,258 | -HS- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi

[2011/06/27 02:19:23 | 000,013,258 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi

[2011/06/24 04:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 04:24:19 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 03:10:08 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 02:57:01 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 02:56:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/23 03:42:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0.954039394132954.exe

[2011/06/20 02:32:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/24 02:13:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2011/05/11 09:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/26 04:05:36 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2010/10/21 10:11:21 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\ITM\REBOOT=ReallySuppress

[2009/09/22 02:17:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/30 05:07:16 | 000,038,433 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Comma Separated Values (Windows).ADR

[2009/01/29 06:49:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/12/02 12:12:41 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\WASCP\REBOOT=ReallySuppress

[2008/12/02 12:12:31 | 000,378,322 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\REBOOT=ReallySuppress

[2008/10/16 14:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/10/16 14:44:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll

[2008/10/16 14:44:13 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/10/16 06:00:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/16 05:56:13 | 000,002,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/10/16 05:55:15 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\Administrator\REBOOT=ReallySuppress

[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 12:16:22 | 000,466,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 12:16:22 | 000,079,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 05:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 04:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 04:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 04:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/28 00:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/01/22 22:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== LOP Check ==========

[2011/05/26 08:41:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\alot

[2010/10/21 10:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\alot

[2010/10/22 01:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\AVG10

[2010/10/21 10:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\Windows Desktop Search

[2011/05/26 08:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\alot

[2011/05/26 09:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong

[2010/01/21 05:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\alot

[2010/10/22 02:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\AVG10

[2011/05/13 02:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Avidat

[2011/06/23 05:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/02/03 07:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FinalTorrent

[2011/05/31 08:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Geaw

[2009/02/12 03:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\ICAClient

[2010/08/27 03:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\IObit

[2011/06/24 02:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/22 04:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\PriceGong

[2010/10/26 04:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Registry Mechanic

[2011/06/10 02:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Vytea

[2009/03/30 04:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Desktop Search

[2009/07/01 03:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Search

[2011/05/26 08:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/06/23 02:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 01:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/10/22 01:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/06/29 09:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/02/03 07:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2011/06/24 06:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job

[2011/05/23 02:20:41 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2011/06/29 09:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2011/06/22 06:35:34 | 000,080,771 | ---- | M] (Macromedia, Inc.) -- C:\fuxsquiv.exe

< MD5 for: EXPLORER.EXE >

[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/20 19:25:37 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/20 19:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/20 19:25:37 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/27 02:19:23 | 000,348,160 | ---- | M] ()

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


hi

Start OTLPE as you did previously from CD

Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Copy the content of fix.txt into the Custom scans and fixes box
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log

Fix.txt


Hi Ali,

I ran the fix and was able to boot up in normal mode. I could not get MBAM.exe to run; it keeps asking what I want to open it with.

Here is the latest log:

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup not found.

File C:\WINDOWS\aadrive32.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\12CFG214-K641-12SF-N85P not found.

File C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\3955554539 not found.

File C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 not found.

File C:\Recycle.Bin\Recycle.Bin.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 3 not found.

File C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Aggmgm not found.

File C:\Documents and Settings\WASCP\Application Data\Aggmgm.exe not found.

Registry value HKEY_USERS\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\InstallIQUpdater not found.

File C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe not found.

File C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Microsoft Driver Setup not found.

File C:\WINDOWS\aadrive32.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\wojggryf\fuxsquiv.exe deleted successfully.

File C:\Program Files\wojggryf\fuxsquiv.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SwUpdate not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01}--- | m] (microsoft corporation)\ not found.

File C:\Documents and Settings\WASCP\Start Menu\Programs\Startup\fuxsquiv.exe not found.

File C:\fuxsquiv.exe not found.

Folder C:\WINDOWS\System32\xmldm\ not found.

File C:\WINDOWS\System32\AcroIEHelpe033.dll not found.

File C:\Documents and Settings\WASCP\Local Settings\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi not found.

File C:\Documents and Settings\All Users\Application Data\vd8444g56f2kar7x3608x2l1y467368xk8t7qp43bi not found.

File C:\WINDOWS\aadrive32.exe not found.

File C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe not found.

File C:\Documents and Settings\WASCP\Application Data\Aggmgm.exe not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\\@|"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -safe-mode" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\@|"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\@|"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" /E : value set successfully!

========== FILES ==========

File\Folder C:\WINDOWS\System32\0.*.exe not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.46.0 log created on 07012011_100512


hi

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Sorry!! Should have read your message again, properly!!

Here are the 2 files:

OTL logfile created on: 01/07/2011 11:28:31 - Run 1

OTL by OldTimer - Version 3.2.25.0 Folder = F:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.24% Memory free

3.81 Gb Paging File | 3.43 Gb Available in Paging File | 90.15% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 117.25 Gb Free Space | 78.74% Space Free | Partition Type: NTFS

Drive F: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT

Computer Name: BOBCOLLINS | User Name: Bob Collins | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.scr

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe

PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.scr

MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)

SRV - File not found [Disabled | Stopped] -- -- (AMService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/23 04:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

and the extras

OTL Extras logfile created on: 01/07/2011 11:28:31 - Run 1

OTL by OldTimer - Version 3.2.25.0 Folder = F:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 73.24% Memory free

3.81 Gb Paging File | 3.43 Gb Available in Paging File | 90.15% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 117.25 Gb Free Space | 78.74% Space Free | Partition Type: NTFS

Drive F: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.21% Space Free | Partition Type: FAT

Computer Name: BOBCOLLINS | User Name: Bob Collins | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\Temp\ms0cfg32.exe" = C:\WINDOWS\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\FinalTorrent\FinalTorrent.EXE" = C:\Program Files\FinalTorrent\FinalTorrent.EXE:*:Enabled:FinalTorrent -- (Bitberry Software)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel® PRO Alerting Agent

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8E5E3330-6746-4A1D-A6BA-043E4D437A59}" = InstallIQ Updater

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011

"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"alotToolbar" = ALOT Toolbar

"AVG" = AVG 2011

"BabylonToolbar" = Babylon toolbar

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"conduitEngine" = Conduit Engine

"FinalTorrent_is1" = FinalTorrent 2010

"Free_TV_Bar_c3 Toolbar" = Free TV Bar c3 Toolbar

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Maps_Bar Toolbar" = Maps Bar Toolbar

"MESOL" = Intel® Active Management Technology

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROPLUS" = Microsoft Office Professional Plus 2007

"Registry Mechanic_is1" = Registry Mechanic 10.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"FileHunter" = FileHunter

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 01/07/2011 03:41:03 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 03:41:03 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 04:19:51 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 04:19:51 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 04:19:51 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 04:19:51 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 05:21:25 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 05:21:25 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 05:21:25 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}

and it will not be loaded. This is most likely caused by a faulty registration.

Error - 01/07/2011 05:21:25 | Computer Name = BOBCOLLINS | Source = Userenv | ID = 1041

Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]

Error - 02/06/2010 02:16:18 | Computer Name = BOBCOLLINS | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1709894

seconds with 1980 seconds of active time. This session ended with a crash.

Error - 25/10/2010 02:50:57 | Computer Name = BOBCOLLINS | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 30/06/2011 03:37:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 03:49:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 04:01:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 04:13:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 04:25:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 04:37:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 30/06/2011 04:49:19 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register

with DCOM within the required timeout.

Error - 01/07/2011 04:46:28 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register

with DCOM within the required timeout.

Error - 01/07/2011 05:14:41 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register

with DCOM within the required timeout.

Error - 01/07/2011 05:18:32 | Computer Name = BOBCOLLINS | Source = DCOM | ID = 10010

Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register

with DCOM within the required timeout.

< End of report >

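An added triage example, not part of the post above, not OTL's own code and not something the helper asked for: a short Python script that parses the "Firewall Settings" and "Authorized Applications List" blocks in the format OTL writes and flags the things an analyst checks first in a log like the one above (firewall switched off per profile, notifications suppressed, an Enabled exception for an executable living in a user-writable directory with no publisher string, or one whose label claims to be a Windows service that normally lives elsewhere). The excerpt it runs on is constructed to match the shape of that log. The path hints and the small label table (Application Layer Gateway Service is alg.exe under System32) are assumptions of this example; the output is a list of heuristic flags to investigate, not a verdict that a file is malicious.

```python
"""Triage the firewall sections of an OTL/OTLPE log (added example, not OTL code)."""
import re

# Constructed excerpt in OTL's format, modelled on the posted log (not the real file).
SAMPLE_LOG = """\
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]

"C:\\WINDOWS\\Temp\\ms0cfg32.exe" = C:\\WINDOWS\\Temp\\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]

"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe" = C:\\Program Files\\AVG\\AVG10\\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
# Exception value: <path>:<scope>:<Enabled|Disabled>:<label>[ -- (<publisher>)]
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"^(?P<label>.*?)(?: -- \((?P<publisher>.*)\))?$")

# Assumption: legitimate software rarely registers exceptions from these locations.
WRITABLE_HINTS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\documents and settings\\")
# Assumption (small table to extend): Windows service labels and the binary they belong to.
KNOWN_WINDOWS_LABELS = {"application layer gateway service": "alg.exe"}


def parse_sections(text):
    """Split an OTL log into {section: [(hive_key, value_name, value_data), ...]}."""
    sections, current, hive = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current, hive = m.group(1), None
            sections.setdefault(current, [])
        elif m := HIVE_RE.match(line):
            hive = m.group(1)
        elif (m := VALUE_RE.match(line)) and current is not None:
            sections[current].append((hive, m.group(1), m.group(2)))
    return sections


def profile_name(hive_key):
    """'...\\FirewallPolicy\\StandardProfile\\...' -> 'StandardProfile'."""
    m = re.search(r"FirewallPolicy\\([A-Za-z]+Profile)", hive_key or "")
    return m.group(1) if m else "?"


def triage_firewall(text):
    """Return (profile, kind, detail) tuples for the findings worth a second look."""
    sections = parse_sections(text)
    findings = []
    for hive, name, data in sections.get("Firewall Settings", []):
        if name == "EnableFirewall" and data.strip() == "0":
            findings.append((profile_name(hive), "firewall-disabled", None))
        if name == "DisableNotifications" and data.strip() == "1":
            findings.append((profile_name(hive), "notifications-suppressed", None))
    for hive, _name, data in sections.get("Authorized Applications List", []):
        m = APP_RE.match(data)
        if not m or m.group("state") != "Enabled":
            continue
        path = m.group("path")
        pm = PUBLISHER_RE.match(m.group("rest"))
        label = pm.group("label").strip()
        reasons = []
        if any(h in path.lower() for h in WRITABLE_HINTS):
            reasons.append("user-writable-path")
        if pm.group("publisher") is None:       # OTL found no company name in the file's version info
            reasons.append("no-publisher")
        expected = KNOWN_WINDOWS_LABELS.get(label.lower())
        if expected and path.lower().rsplit("\\", 1)[-1] != expected:
            reasons.append("label-mismatch")
        if reasons:
            findings.append((profile_name(hive), "suspicious-exception",
                             {"path": path, "label": label, "reasons": reasons}))
    return findings


if __name__ == "__main__":
    for profile, kind, detail in triage_firewall(SAMPLE_LOG):
        print(f"{profile:16} {kind:24} {detail or ''}")
```

Run it as-is to see the flags for the constructed excerpt, or replace SAMPLE_LOG with the text of a saved OTL.txt. Each flag is a reason to look closer (hash the file, check its signature and creation time against the start of the infection), not proof on its own; an exception with all three reasons, as here, is simply the first thing to examine.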

OTL logfile created on: 7/1/2011 9:55:20 AM - Run

OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 117.43 Gb Free Space | 78.86% Space Free | Partition Type: NTFS

Drive D: | 3.84 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (stllssvr)

SRV - File not found [Disabled] -- -- (AMService)

SRV - [2011/04/18 11:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/18 02:11:02 | 000,947,528 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/03/09 13:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/07 23:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/01 06:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 12:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 12:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 12:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/22 22:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/04/14 15:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/04 18:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 10:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 08:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 02:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 01:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 01:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 00:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/07/11 22:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/07/11 22:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2007/09/24 22:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/07/23 21:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/07/23 10:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 10:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 10:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 10:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 10:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 10:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 10:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 10:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 09:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 09:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/22 22:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=40d6534200000000000000219b5bf814&tlver=1.4.19.19&ss=1&affID=17393

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ITM_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=eu&l=en&s=gen

IE - HKU\ITM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\WASCP_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\WASCP_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thecollegespartnership.co.uk/content.asp?ContentID=1

IE - HKU\WASCP_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 02:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 04:24:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 04:24:18 | 000,000,000 | ---D | M]

[2011/06/24 04:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/24 04:23:07 | 000,002,428 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

Hosts file not found

O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)

O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - File not found

O2 - BHO: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKU\ITM_ON_C\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKU\ITM_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKU\WASCP_ON_C\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\ITM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\WASCP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\WASCP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228722288531 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 09:36:15 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe

[2011/07/01 09:34:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/01 02:42:55 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WASCP\Desktop\mbam-setup.exe

[2011/06/24 09:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\win

[2011/06/24 04:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Local Settings\Application Data\Mozilla

[2011/06/24 04:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Mozilla

[2011/06/24 04:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 04:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/06/24 04:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011/06/24 04:22:16 | 008,613,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 02:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker

[2011/06/23 05:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/23 04:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/06/23 03:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/06/21 06:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/21 06:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/06/21 05:17:57 | 000,000,000 | ---D | C] -- C:\svest

[2011/06/20 07:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation

[2011/06/20 02:31:25 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/10 02:22:59 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/06/08 08:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 03:41:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/01 03:40:52 | 2101,964,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/01 02:45:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/01 02:42:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/01 02:42:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/06/30 07:07:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/29 09:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2011/06/26 19:52:48 | 000,187,904 | ---- | M] () -- C:\Program Files\hidfind.exe

[2011/06/24 06:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 04:59:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/24 04:24:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 04:24:19 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 04:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 04:22:53 | 008,613,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 03:10:08 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 03:07:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel® Matrix Storage Manager

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

[2011/06/24 03:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 3

[2011/06/24 02:56:49 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/23 05:02:24 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/23 04:09:09 | 000,466,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/23 04:09:09 | 000,079,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/22 02:51:22 | 119,422,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/06/21 07:46:17 | 000,002,312 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/06/21 03:02:58 | 000,655,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/06/20 02:32:02 | 000,122,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/03 02:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 07:57:24 | 000,187,904 | ---- | C] () -- C:\Program Files\hidfind.exe

[2011/06/24 04:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 04:24:19 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 03:10:08 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 02:57:01 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 02:56:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/20 02:32:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/24 02:13:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2011/05/11 09:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/26 04:05:36 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2010/10/21 10:11:21 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\ITM\REBOOT=ReallySuppress

[2009/09/22 02:17:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/30 05:07:16 | 000,038,433 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Comma Separated Values (Windows).ADR

[2009/01/29 06:49:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/12/02 12:12:41 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\WASCP\REBOOT=ReallySuppress

[2008/12/02 12:12:31 | 000,378,322 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\REBOOT=ReallySuppress

[2008/10/16 14:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/10/16 14:44:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll

[2008/10/16 14:44:13 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/10/16 06:00:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/16 05:56:13 | 000,002,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/10/16 05:55:15 | 000,378,322 | ---- | C] () -- C:\Documents and Settings\Administrator\REBOOT=ReallySuppress

[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 12:16:22 | 000,466,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 12:16:22 | 000,079,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 05:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 04:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 04:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 04:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/28 00:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/01/22 22:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== LOP Check ==========

[2011/05/26 08:41:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\alot

[2010/10/21 10:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\alot

[2010/10/22 01:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\AVG10

[2010/10/21 10:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ITM\Application Data\Windows Desktop Search

[2011/05/26 08:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\alot

[2011/05/26 09:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong

[2010/01/21 05:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\alot

[2010/10/22 02:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\AVG10

[2011/05/13 02:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Avidat

[2011/06/23 05:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/02/03 07:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FinalTorrent

[2011/05/31 08:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Geaw

[2009/02/12 03:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\ICAClient

[2010/08/27 03:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\IObit

[2011/06/24 02:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/22 04:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\PriceGong

[2010/10/26 04:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Registry Mechanic

[2011/06/10 02:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Vytea

[2009/03/30 04:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Desktop Search

[2009/07/01 03:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Search

[2011/05/26 08:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/06/23 02:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 01:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/10/22 01:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/06/29 09:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/02/03 07:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2011/06/24 06:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job

[2011/05/23 02:20:41 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2011/06/29 09:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Hi,

Download Combofix from any of the links below, but rename it to svchost.com before saving it to your desktop.

Link 1

Link 2

==================================

Double click on the svchost.com & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


Open OTL again and, under the Custom Scans/Fixes box, paste:

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

winlogon.exe

Userinit.exe

svchost.exe

/md5stop

%systemroot%\*. /mp /s

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

Then click the Run Scan button and post the log it produces.

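The two helper posts above (rename ComboFix to svchost.com; run the OTL custom scan) both rest on what the OTL log exposes in its O33, O35 and O37 lines: the per-user exefile handler has been pointed at vot.exe, so every .exe launch in that profile goes through the rogue, while the comfile handler is untouched, which is exactly why a tool renamed to .com still starts. The script below is an added example, not code from the thread, from OTL or from ComboFix. It parses lines in OTL's report format, reports which file-type handlers are hijacked and which extensions are still safe to launch from, and flags the other indicators the thread's logs contain: MountPoints2 autorun commands, Run entries with no publisher, orphaned entries and a missing hosts file. The line formats are taken from the logs posted above; the sample lines are copied from those logs; the classification rules are this example's own heuristics, not OTL's.

```python
"""Triage OTL log lines for the indicators seen in this thread (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Stock shell\open\command for exefile/comfile on a clean system.
DEFAULT_HANDLER = '"%1" %*'

# O35 - HKCU\..exefile [open] -- <handler>   /   O37 - HKCU\...exe [@ = exefile] -- <handler>
RE_FILETYPE = re.compile(r'^O3[57] - (HK\w+)\\\.\.\.?(\w+) \[[^\]]*\] -- (.*)$')
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
RE_MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(\w+)\\command - "" = (.*)$')
# O4 - HKLM..\Run: [name] <path> (<publisher>)
RE_RUN = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*) \(([^()]*)\)$')
# Registry entries whose target no longer exists on disk.
RE_ORPHAN = re.compile(r'^(O2|O28|SRV) .*File not found')

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Value error. File not found
O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\Auto\command - "" = MsInfo.msi
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
"""


@dataclass
class Finding:
    kind: str
    detail: str


def file_type_handlers(lines):
    """Map (hive, extension) -> handler string from the O35/O37 lines."""
    handlers = {}
    for line in lines:
        m = RE_FILETYPE.match(line.strip())
        if m:
            hive, name, handler = m.groups()
            ext = name[:-4] if name.endswith('file') else name  # exefile -> exe
            handlers[(hive, ext)] = handler.strip()
    return handlers


def hijacked_extensions(lines):
    """Extensions whose handler in any hive is not the stock "%1" %*.

    HKCU\Software\Classes overrides HKLM for that user, so a single HKCU
    exefile entry is enough to intercept every .exe launched in the profile.
    """
    return {ext: h for (hive, ext), h in file_type_handlers(lines).items()
            if h != DEFAULT_HANDLER}


def clean_launch_extensions(lines):
    """Extensions with a stock handler everywhere: renaming a tool to one of
    these (svchost.com in the thread) bypasses the hijack without touching it."""
    seen = {ext for (_, ext) in file_type_handlers(lines)}
    return sorted(seen - set(hijacked_extensions(lines)))


def triage(lines):
    """Return the list of findings for a set of OTL log lines."""
    findings = [Finding('filetype-hijack', f'.{ext} handler is {h}')
                for ext, h in hijacked_extensions(lines).items()]
    for raw in lines:
        line = raw.strip()
        m = RE_MOUNTPOINT.match(line)
        if m:  # autorun.inf command cached for a removable drive
            findings.append(Finding('mountpoint-autorun', f'{m.group(1)} {m.group(2)}: {m.group(3)}'))
            continue
        m = RE_RUN.match(line)
        if m and not m.group(4).strip():  # Run entry with empty publisher field
            findings.append(Finding('run-no-publisher', f'{m.group(2)} -> {m.group(3)}'))
            continue
        if RE_ORPHAN.match(line):
            findings.append(Finding('orphan-entry', line))
        elif line == 'Hosts file not found':
            findings.append(Finding('hosts-missing', line))
    return findings


def finding_counts(lines):
    """Count findings per kind, for a quick summary of a log."""
    return dict(Counter(f.kind for f in triage(lines)))


if __name__ == '__main__':
    sample = SAMPLE_LOG.strip().splitlines()
    for f in triage(sample):
        print(f'{f.kind:20} {f.detail}')
    print('clean launch extensions:', clean_launch_extensions(sample))
```

Run it against a full OTL.txt by reading the file into `lines`; the exefile finding is the one that explains the symptom in the first post (no .exe will run) and the O33 entries show why the helper also asked for the MountPoints2 keys to be reviewed.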

OTL logfile created on: 01/07/2011 14:17:29 - Run 2

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WASCP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 72.59% Memory free

3.81 Gb Paging File | 3.41 Gb Available in Paging File | 89.72% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 116.44 Gb Free Space | 78.19% Space Free | Partition Type: NTFS

Drive F: | 1.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT

Computer Name: BOBCOLLINS | User Name: Bob Collins | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe

PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)

SRV - File not found [Disabled | Stopped] -- -- (AMService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/23 04:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2007/09/25 04:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/07/24 03:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/23 04:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=40d6534200000000000000219b5bf814&tlver=1.4.19.19&ss=1&affID=17393

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thecollegespartnership.co.uk/content.asp?ContentID=1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 08:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:24:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 10:24:18 | 000,000,000 | ---D | M]

[2011/06/24 10:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/24 10:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/24 10:23:07 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

Hosts file not found

O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)

O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - File not found

O2 - BHO: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in )

O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in My Computer)

O15 - HKCU\..Trusted Domains: tribalhosted.co.uk ([csg2] https in Local intranet)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228722288531 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 23:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/06/29 10:22:26 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT ]

O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell - "" = AutoRun

O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell - "" = AutoRun

O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\Auto\command - "" = MsInfo.msi

O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MsInfo.msi

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/07/01 15:36:15 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe

[2011/07/01 15:34:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/01 14:11:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

[2011/07/01 12:55:53 | 004,130,198 | ---- | C] (Swearware) -- C:\Documents and Settings\WASCP\Desktop\svchost.com

[2011/07/01 10:45:13 | 098,078,016 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\WASCP\Desktop\OTLPEStd.exe

[2011/07/01 08:42:55 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WASCP\Desktop\mbam-setup.exe

[2011/06/24 15:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\win

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Local Settings\Application Data\Mozilla

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Mozilla

[2011/06/24 10:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/06/24 10:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011/06/24 10:22:16 | 008,613,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 08:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker

[2011/06/23 11:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/23 10:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/06/23 09:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/06/21 11:17:57 | 000,000,000 | ---D | C] -- C:\svest

[2011/06/20 13:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation

[2011/06/20 08:31:25 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/10 08:22:59 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/06/08 14:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 14:15:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/01 14:15:29 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/01 14:15:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/01 14:15:22 | 2101,964,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/01 14:00:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/01 13:42:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/01 11:15:46 | 004,130,198 | ---- | M] (Swearware) -- C:\Documents and Settings\WASCP\Desktop\svchost.com

[2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

[2011/06/30 15:05:46 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\WASCP\Desktop\OTLPEStd.exe

[2011/06/29 15:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2011/06/27 01:52:48 | 000,187,904 | ---- | M] () -- C:\Program Files\hidfind.exe

[2011/06/24 12:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 10:59:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/24 10:24:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 10:24:19 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 10:22:53 | 008,613,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\WASCP\Desktop\FirefoxSetup3.6.17.exe

[2011/06/24 09:10:08 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 08:56:49 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/23 11:02:24 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/23 10:09:09 | 000,466,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/23 10:09:09 | 000,079,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/22 08:51:22 | 119,422,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/06/21 13:46:17 | 000,002,312 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/06/21 09:02:58 | 000,655,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/06/20 08:32:02 | 000,122,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 13:57:24 | 000,187,904 | ---- | C] () -- C:\Program Files\hidfind.exe

[2011/06/24 10:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 10:24:19 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 09:10:08 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 08:57:01 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 08:56:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/20 08:32:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/24 08:13:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2011/05/11 15:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/26 10:05:36 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2009/09/22 08:17:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/30 11:07:16 | 000,038,433 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Comma Separated Values (Windows).ADR

[2009/01/29 12:49:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/10/16 20:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/10/16 20:44:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll

[2008/10/16 20:44:13 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/10/16 12:00:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/16 11:56:13 | 000,002,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 23:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 23:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 23:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 18:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 18:16:22 | 000,466,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 18:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 18:16:22 | 000,079,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 18:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 18:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 18:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 18:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 18:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 18:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 18:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 18:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 11:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 11:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/28 06:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/01/23 04:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2011/03/07 00:12:59 | 002,234,368 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

< MD5 for: EXPLORER.EXE >

[2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2008/04/14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\@: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/21 01:25:37 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\@: \"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\@: C:\Program Files (x86)\Internet Explorer\iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/21 01:25:34 | 000,552,464 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\@: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/21 01:25:37 | 000,912,344 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\@: \"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" -safe-mode

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 14:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\@: C:\Program Files (x86)\Internet Explorer\iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


hi

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [hidfind] C:\Program Files\hidfind.exe ()
    O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
    O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\Auto\command - "" = MsInfo.msi
    O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MsInfo.msi
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
    [2011/06/27 13:57:24 | 000,187,904 | ---- | C] () -- C:\Program Files\hidfind.exe
    [2010/08/27 03:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\IObit

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
    @="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -safe-mode"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
    @="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
    @="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:

  • OTL log
  • MBAM log

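What the log above and the Step 1 fix are dealing with is worth having as a check you can run over any OTL report. The O35/O37 entries show a per-user exefile association rewritten so that vot.exe runs ahead of every .exe the user starts (which is why nothing would launch from the USB stick), the StartMenuInternet commands show the same binary wrapped around each browser, and the O33 MountPoints2 entries show autorun verbs on removable drives handing off to wscript or an .msi. The Python below is an added example written for this page, not code from the thread or from OTL: it parses those three line formats, names the interposed program, and lists the registry state that undoes each finding, following the same idea as the Step 1 fix (drop the per-user override so the HKLM "%1" %* verb applies again, and put the real browser path back in the StartMenuInternet @ value). The sample lines are copied from the thread's log; the classification rules and the wording of the restore plan are the example's own assumptions.

```python
"""Triage OTL report lines for interposed launchers (added example for this thread;
not code from the original posts or from OTL). Sample lines are copied from the log
above; the decision rules and restore wording are the example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: OTL lines taken from the log posted earlier in the thread.
SAMPLE_LOG = r'''
O33 - MountPoints2\{33f5d14f-92d9-11de-8413-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
O33 - MountPoints2\{c4fca8a0-66d6-11de-840c-00219b5bf814}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MsInfo.msi
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "%1" %*
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\WASCP\Local Settings\Application Data\vot.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"
'''

ASSOC_RE = re.compile(
    r'^O3[57] - (?P<hive>HK\w+)\\\.\.(?P<name>[\w.]+) \[(?P<verb>[^\]]*)\] -- (?P<cmd>.*)$')
BROWSER_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\'
    r'(?P<client>[^\\]+)\\shell\\open\\command\\\\: (?P<cmd>.*)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\[^\\]+\\command - "" = (?P<cmd>.*)$')
QUOTED_EXE_RE = re.compile(r'"([^"]+\.exe)"', re.IGNORECASE)
OTL_META_RE = re.compile(r'\s*\[\d{4}/\d{2}/\d{2} .*$')  # trailing "[date | size | attrs | M] (Company)"
# Script hosts and loaders that have no business in a removable-drive autorun verb.
AUTORUN_LOADERS = ('wscript', 'cscript', 'rundll32', '.vbs', '.js', '.msi')


@dataclass(frozen=True)
class Finding:
    kind: str        # "assoc", "browser" or "autorun"
    where: str       # "HKCU\exefile", the StartMenuInternet client, or the MountPoints2 GUID
    interposed: str  # what actually runs instead of, or ahead of, the expected program
    command: str     # the configured command, as OTL printed it


def first_token(cmd: str) -> str:
    """The program a command line launches: the leading quoted path, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := ASSOC_RE.match(line):
            # A clean exefile/comfile open verb is exactly "%1" %*; anything else is a
            # program inserted in front of every executable the user starts.
            if m['cmd'].strip() != '"%1" %*':
                # O37 lines describe the extension key (.exe); the command belongs to the
                # class it maps to, which OTL prints as "[@ = exefile]".
                cls = m['verb'].split('=', 1)[1].strip() if m['verb'].startswith('@') else m['name']
                findings.append(Finding('assoc', f"{m['hive']}\\{cls}", first_token(m['cmd']), m['cmd']))
        elif m := BROWSER_RE.match(line):
            cmd = OTL_META_RE.sub('', m['cmd'])
            exes = QUOTED_EXE_RE.findall(cmd)
            # If the program launched is not the last .exe named on the line, the real
            # browser has been demoted to an argument of something else.
            if exes and first_token(cmd).lower() != exes[-1].lower():
                findings.append(Finding('browser', m['client'], first_token(cmd), cmd))
        elif m := AUTORUN_RE.match(line):
            if any(tok in m['cmd'].lower() for tok in AUTORUN_LOADERS):
                findings.append(Finding('autorun', m['guid'], m['cmd'].split()[-1], m['cmd']))
    return findings


def restore_plan(findings: list[Finding]) -> list[str]:
    """Registry state that undoes each finding; this is what an OTL :Reg/:OTL fix writes."""
    plan = []
    for f in findings:
        if f.kind == 'assoc':
            hive, cls = f.where.split('\\', 1)
            if hive == 'HKCU':
                # Per-user Classes keys shadow HKLM; removing the override reinstates the clean verb.
                plan.append(f'delete HKCU\\Software\\Classes\\{cls}')
            else:
                plan.append(f'set {hive}\\Software\\Classes\\{cls}\\shell\\open\\command @ = "%1" %*')
        elif f.kind == 'browser':
            real = QUOTED_EXE_RE.findall(f.command)[-1]  # the browser path the hijacker passed on
            plan.append(f'set StartMenuInternet\\{f.where}\\shell\\open\\command @ = "{real}"')
        else:
            plan.append(f'delete MountPoints2\\{f.where} (and the autorun.inf on that drive)')
    return list(dict.fromkeys(plan))  # drop duplicates, keep order


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:8} {f.where:40} -> {f.interposed}')
```

Run as a script it prints the six findings from the sample (two autorun verbs, two association entries under HKCU, two wrapped browsers); restore_plan collapses the two HKCU entries into one delete of the per-user exefile key. The browser path for the StartMenuInternet @ value is recovered from the hijacked command line itself, since the wrapper has to pass the real browser on as its argument, which is a handy way to confirm what that value should be set back to.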

Hi Ali,

That worked a treat!! Everything came alive, AVG Business even reported that there are some viruses!! A little late!! lol

Here is the log for the quick scan, mbam to follow:

OTL logfile created on: 01/07/2011 15:11:50 - Run 3

OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WASCP\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 66.31% Memory free

3.81 Gb Paging File | 3.26 Gb Available in Paging File | 85.79% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.92 Gb Total Space | 116.51 Gb Free Space | 78.24% Space Free | Partition Type: NTFS

Drive E: | 3.84 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: FAT32

Computer Name: BOBCOLLINS | User Name: Bob Collins | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe

PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/06/12 18:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe

========== Modules (SafeList) ==========

MOD - [2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)

SRV - File not found [Disabled | Stopped] -- -- (AMService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®

SRV - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®

SRV - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

SRV - [2007/01/23 04:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)

========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2007/09/25 04:12:48 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2007/07/24 03:42:12 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/01/23 04:45:44 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=40d6534200000000000000219b5bf814&tlver=1.4.19.19&ss=1&affID=17393

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thecollegespartnership.co.uk/content.asp?ContentID=1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 08:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:24:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 10:24:18 | 000,000,000 | ---D | M]

[2011/06/24 10:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions

[2011/06/24 10:25:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WASCP\Application Data\Mozilla\Firefox\Profiles\rfkfg9b9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/24 10:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/24 10:23:07 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/07/01 15:06:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)

O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - File not found

O2 - BHO: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Maps Bar Toolbar) - {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\prxtbFre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Maps Bar Toolbar) - {FE337D7B-1447-4780-9A52-48BDAC438235} - C:\Program Files\Maps_Bar\prxtbMap0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in )

O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in My Computer)

O15 - HKCU\..Trusted Domains: tribalhosted.co.uk ([csg2] https in Local intranet)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228722288531 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\WASCP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Value error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 23:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/07/01 15:36:15 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe

[2011/07/01 15:34:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/01 14:11:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

[2011/07/01 12:55:53 | 004,130,198 | ---- | C] (Swearware) -- C:\Documents and Settings\WASCP\Desktop\svchost.com

[2011/07/01 10:45:13 | 098,078,016 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\WASCP\Desktop\OTLPEStd.exe

[2011/07/01 08:42:55 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WASCP\Desktop\mbam-setup.exe

[2011/06/24 15:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\win

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Local Settings\Application Data\Mozilla

[2011/06/24 10:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\Mozilla

[2011/06/24 10:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox

[2011/06/24 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/06/24 10:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2011/06/24 08:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced PC Tweaker

[2011/06/23 11:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/23 10:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2011/06/23 09:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/21 12:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2011/06/21 11:17:57 | 000,000,000 | ---D | C] -- C:\svest

[2011/06/20 13:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation

[2011/06/10 08:22:59 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/06/08 14:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 15:09:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/01 15:08:42 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/01 15:08:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/01 15:08:33 | 2101,964,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/01 15:06:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/07/01 15:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job

[2011/07/01 14:27:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/07/01 13:42:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/01 11:15:46 | 004,130,198 | ---- | M] (Swearware) -- C:\Documents and Settings\WASCP\Desktop\svchost.com

[2011/07/01 10:26:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WASCP\Desktop\OTL.scr

[2011/06/30 15:05:46 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\WASCP\Desktop\OTLPEStd.exe

[2011/06/24 12:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 10:59:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/06/24 10:24:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 10:24:19 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 09:10:08 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 08:56:49 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/23 11:02:24 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2011/06/23 10:09:09 | 000,466,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/06/23 10:09:09 | 000,079,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/22 08:51:22 | 119,422,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/06/21 13:46:17 | 000,002,312 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/06/21 09:02:58 | 000,655,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/06/20 08:32:02 | 000,122,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[44 C:\Documents and Settings\WASCP\Application Data\*.tmp files -> C:\Documents and Settings\WASCP\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 10:24:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/24 10:24:19 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/06/24 09:10:08 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\inetcpl.cpl (2).lnk

[2011/06/24 08:57:01 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job

[2011/06/24 08:56:49 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced PC Tweaker.lnk

[2011/06/20 08:32:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2011/05/24 08:13:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2011/05/11 15:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/26 10:05:36 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

[2009/09/22 08:17:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\WASCP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/30 11:07:16 | 000,038,433 | ---- | C] () -- C:\Documents and Settings\WASCP\Application Data\Comma Separated Values (Windows).ADR

[2009/01/29 12:49:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008/10/16 20:44:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2008/10/16 20:44:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll

[2008/10/16 20:44:13 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/10/16 12:00:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/10/16 11:56:13 | 000,002,312 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 23:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 23:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 23:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 18:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 18:16:22 | 000,466,844 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 18:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 18:16:22 | 000,079,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 18:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 18:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 18:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 18:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 18:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 18:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 18:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 18:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 11:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 11:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/02/28 06:03:32 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/01/23 04:45:40 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

========== LOP Check ==========

[2011/05/26 14:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2011/06/23 08:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/22 07:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/10/22 07:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/07/01 15:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/02/03 13:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2010/01/21 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\alot

[2010/10/22 08:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\AVG10

[2011/05/13 08:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Avidat

[2011/06/23 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FileHunter

[2011/02/03 13:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\FinalTorrent

[2011/05/31 14:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Geaw

[2009/02/12 09:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\ICAClient

[2011/06/24 08:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\MSNInstaller

[2011/06/22 10:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\PriceGong

[2010/10/26 10:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Registry Mechanic

[2011/06/10 08:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Vytea

[2009/03/30 10:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Desktop Search

[2009/07/01 09:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WASCP\Application Data\Windows Search

[2011/06/24 12:12:25 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job

[2011/05/23 08:20:41 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

[2011/07/01 15:05:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

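The first post describes .exe files refusing to run and both browsers unable to reach the internet; the O35/O37 lines, the O1 hosts entries and the IE/Firefox proxy values in the OTL report above are where those symptoms would show up, and on this machine they all read as stock. The script below is an added example written for this page, not code from OTL, Malwarebytes or any poster in the thread: it runs a triage over OTL-style lines and flags any deviation from the expected values. The clean sample lines are copied from the report above; the hijacked sample (the abc.exe path, the update.example.test hosts entry and the proxy values) is constructed to exercise the bad path and is not from this log.

```python
"""Triage of OTL-style log lines for the settings a rogue antivirus commonly
tampers with: the exefile/comfile open commands (O35/O37), the hosts file (O1)
and the browser proxy settings (IE ProxyEnable / Firefox network.proxy.type).
Added example: not part of the OTL tool or the original thread."""
import re
from typing import List, Tuple

# Stock value of HKCR\exefile\shell\open\command and HKCR\comfile\shell\open\command
# on Windows XP; anything else means .exe/.com launches are being redirected.
STOCK_OPEN_COMMAND = '"%1" %*'

O35_RE = re.compile(r'^O35 - HKLM\\\.\.(\w+) \[open\] -- (.*)$')
O37_RE = re.compile(r'^O37 - HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$')
O1_RE = re.compile(r'^O1 - Hosts: (\S+) (\S+)$')
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "ProxyEnable" = (\d+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.type: (\d+)$')

Finding = Tuple[str, str]  # (category, detail)


def triage_otl(log_text: str) -> List[Finding]:
    """Return (category, detail) findings for every suspicious line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O35_RE.match(line)
        if m:
            ftype, cmd = m.groups()
            if cmd != STOCK_OPEN_COMMAND:
                findings.append(("assoc", f"{ftype} open command hijacked: {cmd}"))
            continue
        m = O37_RE.match(line)
        if m:
            ext, ftype, cmd = m.groups()
            # .exe must map to exefile and .com to comfile, each with the stock command
            if ftype != f"{ext}file" or cmd != STOCK_OPEN_COMMAND:
                findings.append(("assoc", f".{ext} -> {ftype} tampered: {cmd}"))
            continue
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            # only the two localhost entries belong in a default XP hosts file
            if host != "localhost":
                findings.append(("hosts", f"hosts file maps {host} to {ip}"))
            continue
        m = IE_PROXY_RE.match(line)
        if m and m.group(1) != "0":
            findings.append(("proxy", "IE ProxyEnable is set; check the ProxyServer value"))
            continue
        m = FF_PROXY_RE.match(line)
        if m and m.group(1) == "1":
            findings.append(("proxy", "Firefox uses a manual proxy configuration"))
    return findings


# Lines copied from the OTL report posted above: the expected clean state.
CLEAN_SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.type: 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

# Constructed lines (not from the page) showing what a hijacked machine would report;
# the abc.exe path and the update.example.test host are hypothetical.
HIJACKED_SAMPLE = r'''
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\abc.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\user\Local Settings\Application Data\abc.exe" -a "%1" %*
O1 - Hosts: 127.0.0.1 update.example.test
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.type: 1
'''

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        print(f"== {name} ==")
        for category, detail in triage_otl(sample) or [("ok", "no suspicious entries")]:
            print(f"[{category}] {detail}")
```

Run it against a saved OTL.txt by reading the file into `triage_otl`; an empty result for the association, hosts and proxy checks is what you want to see before trusting that a scanner's .exe will launch at all, and a non-empty "assoc" finding explains the "will not run any .exe files" symptom directly.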

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

01/07/2011 15:29:08

mbam-log-2011-07-01 (15-29-08).txt

Scan type: Quick Scan

Objects scanned: 124546

Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 5

Files Infected: 58

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data (Adware.PriceGong) -> Quarantined and deleted successfully.

Files Infected:

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\1.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\a.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\b.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\c.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\d.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\e.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\f.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\g.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\h.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\i.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\J.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\k.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\l.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\m.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\mru.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\n.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\o.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\p.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\q.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\r.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\s.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\t.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\u.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\v.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\w.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\x.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\y.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Application Data\PriceGong\Data\z.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\1.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\a.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\b.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\c.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\d.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\e.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\f.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\g.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\h.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\i.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\J.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\k.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\l.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\m.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\mru.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\n.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\o.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\p.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\q.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\r.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\s.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\t.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\u.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\v.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\w.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\x.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\y.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Application Data\PriceGong\Data\z.xml (Adware.PriceGong) -> Quarantined and deleted successfully.

C:\Documents and Settings\WASCP\Desktop\svchost.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Hi

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
