Search engine changed randomly after a virus alert popped up.



#1
animal35

  • Member
  • 32 posts
My computer displayed a screen saying Zentom System Guard, informing me it was infected with 30 trojans etc and to click here to activate something. I didn't click the link, but my search engine has been changed and I can't run AVG - any ideas please? I'm presuming this Zentom thing is a fake?
Any help greatly appreciated, many thanks.


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello animal35 and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please follow the steps in the topic Malware and Spyware cleaning guide. At the end, post the log.

PS: Before running OTL.exe, select the checkbox:

Extra Registry

  • Use SafeList

PS[2]: Don't create a new topic; post your messages in this topic.

#4
animal35

  • Topic Starter
  • Member
  • 32 posts
Hi GLeobas, thank you for your response and good luck with your training, here's hoping you can solve this problem!!!

I have downloaded and run the OTL as requested, here are the results. Hope this is correct!


OTL logfile created on: 19/09/2011 16:13:14 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Ruth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 200.22 Mb Available Physical Memory | 19.59% Memory free
2.41 Gb Paging File | 1.69 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.43 Gb Total Space | 45.76 Gb Free Space | 31.46% Space Free | Partition Type: NTFS

Computer Name: HARRISON | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\3808011254:157025821.exe
PRC - [2011/09/19 16:11:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 06:46:00 | 004,182,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/07 21:22:01 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0169861292741920mcinstcleanup) McAfee Application Installer Cleanup (0169861292741920)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2009/03/04 15:52:58 | 000,202,016 | R--- | M] () [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/07/27 06:39:32 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/08/21 10:00:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/08/21 10:00:36 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/03 10:53:22 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/13 09:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 17:00:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://www.searchqu....id=406&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com//406"
FF - prefs.js..browser.search.order.1: "Web Search"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Documents and Settings\Ruth\Application Data\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/19 00:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/25 21:46:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 21:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 14:01:29 | 000,000,000 | ---D | M]

[2011/09/18 19:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Extensions
[2010/09/26 18:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Extensions\[email protected]
[2011/09/18 19:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\k1b8yqwb.default\extensions
[2010/12/18 10:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\k1b8yqwb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/25 21:36:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\k1b8yqwb.default\extensions\[email protected]
[2011/09/19 00:04:02 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\k1b8yqwb.default\searchplugins\avg-secure-search.xml
[2011/09/18 18:45:37 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\k1b8yqwb.default\searchplugins\SearchResults.xml
[2011/09/18 19:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 00:49:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/16 18:44:20 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2008/06/18 06:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/12/19 00:49:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/16 21:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/12/03 18:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/25 21:36:03 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/12/03 18:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/18 18:45:37 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/12/03 18:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: klz.org.uk ([portal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1283331256468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.youplay.c...ploader_v10.cab (Reg Error: Value error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{784609F5-2C6D-4CC5-94E7-5EEFFFC0326C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/31 19:48:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/19 16:11:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2011/09/19 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/18 23:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\AVG2012
[2011/09/18 23:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/18 23:39:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/09/18 23:25:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/18 22:53:28 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/18 22:52:23 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\Desktop\mbam-setup.exe
[2011/09/18 22:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Kalydo
[2011/09/18 22:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Music 4
[2011/09/18 22:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Music
[2011/09/18 22:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/18 22:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/18 22:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/18 22:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/18 22:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/18 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(3)
[2011/09/18 21:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(2)
[2011/09/18 19:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2011/09/18 18:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\vlc
[2011/09/18 18:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\A00481828A90DDE97A361C28836DC137
[2011/09/18 18:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\Ilivid Player
[2011/09/18 18:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\AppData
[2011/09/18 18:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/17 07:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\Unused Desktop Shortcuts
[2011/09/11 18:05:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ruth\Recent
[2011/09/01 14:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
[2011/08/27 18:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PopCap Games
[2011/08/27 18:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/08/27 14:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Media Player Classic
[2011/08/27 14:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/08/27 14:29:16 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2011/08/27 14:29:16 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/08/27 14:29:16 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/08/27 14:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/08/21 10:00:36 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/08/31 20:27:09 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/09/19 16:18:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/19 16:11:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2011/09/19 16:06:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{36C5C697-C88B-45AB-BE8D-80668B560DAC}.job
[2011/09/19 16:03:07 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/19 16:03:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3808011254
[2011/09/19 16:03:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 00:01:44 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/18 23:39:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 23:03:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/18 23:02:55 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/18 22:52:35 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\Desktop\mbam-setup.exe
[2011/09/18 22:51:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\prvlcl.dat
[2011/09/18 22:29:19 | 132,878,891 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/18 22:12:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/18 18:55:48 | 003,477,870 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Matt Cardle - Run For Your Life.mp3
[2011/09/16 20:04:03 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\times tables cards sheet.pub
[2011/09/16 18:00:33 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\Spelling Groups.pub
[2011/09/16 10:29:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 12:19:54 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 13:18:17 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 11:12:17 | 001,410,542 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\mum can.JPG
[2011/09/05 17:12:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/04 13:52:59 | 000,444,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/04 13:52:59 | 000,072,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/01 18:33:29 | 000,007,922 | -HS- | M] () -- C:\Documents and Settings\Ruth\Desktop\Folder.jpg
[2011/09/01 18:33:29 | 000,002,249 | -HS- | M] () -- C:\Documents and Settings\Ruth\Desktop\AlbumArtSmall.jpg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/27 19:10:09 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/09/19 00:01:44 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/18 22:52:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/18 18:55:34 | 003,477,870 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Matt Cardle - Run For Your Life.mp3
[2011/09/18 18:54:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3808011254
[2011/09/17 07:50:30 | 002,998,512 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 006.JPG
[2011/09/17 07:50:30 | 002,714,927 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 001.JPG
[2011/09/17 07:50:30 | 002,659,494 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 003.JPG
[2011/09/17 07:50:30 | 002,617,087 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 002.JPG
[2011/09/17 07:50:28 | 002,500,286 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 004.JPG
[2011/09/17 07:50:28 | 002,284,304 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\julybbq 005.JPG
[2011/09/16 20:04:02 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\times tables cards sheet.pub
[2011/09/16 17:59:54 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\Spelling Groups.pub
[2011/09/16 10:29:23 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/11 11:12:17 | 001,410,542 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\mum can.JPG
[2011/08/27 18:42:06 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/08/27 14:29:19 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/27 14:29:17 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/08/27 14:29:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/08/27 14:29:16 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/27 14:29:16 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/27 14:29:15 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/17 18:47:32 | 000,000,085 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2011/04/12 22:38:42 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2011/01/16 00:00:08 | 000,125,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/24 14:51:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\prvlcl.dat
[2010/12/18 10:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/05 21:57:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/25 09:18:08 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/10/14 21:26:12 | 000,060,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/07 17:02:14 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 16:58:01 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/10/04 16:44:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/10/03 16:59:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/09/06 22:14:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/01 17:55:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2010/09/01 17:55:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/09/01 17:55:20 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2010/09/01 09:01:03 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/01 08:54:46 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\fusioncache.dat
[2010/08/31 22:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010/08/31 22:41:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010/08/31 20:34:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/31 20:32:37 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/31 20:27:37 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/08/31 20:27:08 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/08/31 20:27:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2010/08/31 20:25:09 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/08/31 19:50:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 19:45:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/14 01:53:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/03/15 13:47:48 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2004/09/22 19:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 15:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 15:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 15:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 15:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 15:03:20 | 000,444,488 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 15:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 15:03:19 | 000,072,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 15:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 14:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 14:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 14:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 14:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/09/18 22:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/19 15:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/18 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/19 08:23:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/05 21:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/07/06 21:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/18 23:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/11 17:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/10/28 20:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/06 22:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/14 19:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/10/04 16:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/01/16 19:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2011/02/25 19:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/10/03 17:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/09/18 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/12 17:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/09/05 20:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/18 22:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\A00481828A90DDE97A361C28836DC137
[2010/12/28 20:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Amazon
[2011/09/18 23:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\AVG2012
[2011/06/25 21:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\BabylonToolbar
[2011/09/18 22:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\BitTorrent
[2010/12/05 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\BitZipper
[2010/10/04 17:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Canon
[2011/06/25 21:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\DDMSettings
[2011/03/23 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\DeviceDoctorSoftware
[2010/10/11 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\FinalTorrent
[2010/09/12 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Foxit Software
[2010/10/25 09:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\FreeAudioPack
[2010/11/23 19:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\gtk-2.0
[2011/07/06 22:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\IObit
[2011/09/18 22:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Kalydo
[2011/01/15 21:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Research In Motion
[2010/10/04 16:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\ScanSoft
[2011/01/16 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\SMART Technologies Inc
[2011/02/25 19:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Sports Interactive
[2010/09/12 17:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Spotify
[2010/10/11 17:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\SupportSoft
[2010/09/12 17:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Trusteer
[2010/09/05 10:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\WinPatrol
[2010/10/11 18:36:50 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/10/11 18:36:47 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/09/19 16:21:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{36C5C697-C88B-45AB-BE8D-80668B560DAC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\3808011254:157025821.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I have downloaded and run the OTL as requested, here are the results. Hope this is correct!

I forgot to tell you to post the Extras.txt log. You can find this log on your desktop.

Please go to your desktop, open Extras.txt using Notepad, and copy and paste the content into your next reply. :)

Edited by GLeobas, 19 September 2011 - 04:57 PM.
