Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Have a virus or spyware on my laptop [Solved]

Started by bgm_co , Oct 30 2012 08:50 AM

  • This topic is locked This topic is locked

#1
bgm_co
Posted 30 October 2012 - 08:50 AM

bgm_co

    Member

  • Member
  • PipPip
  • 46 posts
When I start up laptop it says virtual memory is low.
Internet is running super slow and some pages won't open.
I can run AVG but not update. (No infection found)
I can not run Spybot, spyware doctor or malwarebytes. I can also not run some other programs eg VLC, Adobe Acrobat etc

I can run HiJackThis.

These files keep re-creating themselves:
Rjyuustj.exe
Jre-7u9-windows-i586-ifte.exe
1bBis23 (can delete some of these files but on start up they are re-created others I can not delete as they say they are in use)
QTRGI23 (I can not delete this file, says its in use)
hKM1623
(Folder) WPDNSE
Abbasqrd.exe - (not sure if this file is associated with the others I have listed)
au-descriptor-1.7.0_09-b05.xml

I have searched google for these file names but can find nothing.
  • 0

Advertisements

#2
bgm_co
Posted 30 October 2012 - 09:12 AM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Managed to get HiJackThis report :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:53, on 30/10/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000016446e12b5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [AbbAsqrd] C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12996 bytes
  • 0

#3
Buddierdl
Posted 30 October 2012 - 09:17 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello bgm_co and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please note that I am currently in training at GeekU, so my posts must be reviewed by an expert. This will cause a small delay in my responses.

We no longer use HijackThis here to diagnose problems. Please run the following scan for me so that I can get a look at your computer.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
  • 0

#4
bgm_co
Posted 30 October 2012 - 09:19 AM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
There is also a file running on my processes on task manager

_ju14D2N.tmp
  • 0

#5
bgm_co
Posted 30 October 2012 - 09:19 AM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ok will do that now
  • 0

#6
bgm_co
Posted 30 October 2012 - 09:59 AM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
OTL.Txt


OTL logfile created on: 30/10/2012 15:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andrew Grant\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.98 Mb Total Physical Memory | 381.43 Mb Available Physical Memory | 42.67% Memory free
2.12 Gb Paging File | 1.54 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.67 Gb Total Space | 14.11 Gb Free Space | 12.63% Space Free | Partition Type: NTFS

Computer Name: ANDY | User Name: Andrew Grant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 15:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
PRC - [2012/09/28 10:08:26 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/01/26 19:44:59 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/06/01 20:34:35 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/11/25 10:38:54 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:38:53 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 09:51:06 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 20:32:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 20:32:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 20:31:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/01/21 23:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/18 13:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 21:01:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/21 01:35:02 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/03/14 08:12:48 | 000,131,072 | ---- | M] () -- C:\WINDOWS\system32\msnunkernm.dll
MOD - [2010/01/21 23:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2007/10/09 04:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 04:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/04 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/27 17:27:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 10:08:26 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 18:12:14 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/25 10:38:54 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/17 20:32:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/17 20:32:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/15 14:39:42 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/01/21 23:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/21 23:02:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/18 13:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 14:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/03/14 17:34:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/02/21 01:35:02 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\hpchsnnp.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- -- (hhgud)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 09:25:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\acdho.sys -- (gnfpvplg)
DRV - [2012/10/30 09:05:20 | 000,061,440 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ygkjx.sys -- (ppep)
DRV - [2011/09/13 07:45:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 13:43:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 20:32:24 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/17 20:32:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/17 20:32:23 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/17 20:32:23 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/17 20:32:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/24 16:55:59 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/22 00:18:28 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/03/22 00:18:28 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/23 15:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 14:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/09 04:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/23 14:07:28 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2007/04/23 21:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/23 21:01:28 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/23 21:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=1080312
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080312
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080312
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000016446e12b5
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000016446e12b5
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...000016446e12b5"
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..keyword.URL: "http://search.babylo...016446e12b5&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Andrew Grant\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Andrew Grant\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 07:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/07 21:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/07 21:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 17:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 17:27:24 | 000,000,000 | ---D | M]

[2011/11/10 23:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Extensions
[2012/10/23 15:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions
[2010/07/18 21:07:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/16 08:33:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/10 23:39:32 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/08/31 06:11:44 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/07/25 11:27:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\[email protected]
[2012/06/04 18:57:37 | 000,030,312 | ---- | M] () (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/10/11 01:03:19 | 000,002,546 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\searchplugins\browsemngr.xml
[2011/11/10 23:39:18 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\searchplugins\SearchResults.xml
[2012/10/27 17:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 17:27:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 17:27:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 22:10:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/11 01:02:40 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/18 09:33:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/28 22:10:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/28 22:10:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/10 23:39:18 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/19 21:59:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/28 22:10:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/30 23:30:26 | 000,000,055 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [QuickTime Task] C:\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [AbbAsqrd] C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B14DADC0-9112-4333-A6E6-D807C5FD25E7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe) - C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 15:24:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
[2012/10/29 22:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/10/29 12:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Grant\Application Data\vlc
[2012/10/27 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/15 21:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/15 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/11 01:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/10/11 01:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/11 01:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/11 01:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/11 01:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/10/11 01:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/10/11 01:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/10/11 01:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2012/10/11 01:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/10/11 01:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Grant\Application Data\Babylon
[2012/10/11 00:15:11 | 078,545,304 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Andrew Grant\Desktop\iTunesSetup.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/30 15:35:51 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\hkM1623
[2012/10/30 15:35:28 | 000,111,616 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\1bBis23
[2012/10/30 15:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
[2012/10/30 15:32:06 | 000,120,800 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\QTRGI23
[2012/10/30 15:32:06 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\hkM1623
[2012/10/30 15:32:06 | 000,111,616 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\1bBis23
[2012/10/30 14:47:38 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\HiJackThis.lnk
[2012/10/30 14:32:35 | 000,395,248 | -H-- | M] () -- C:\WINDOWS\System32\1bBis23
[2012/10/30 14:22:01 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/10/30 13:52:57 | 000,108,144 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\My Documents\1bBis23
[2012/10/30 10:35:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\prvlcl.dat
[2012/10/30 09:25:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\acdho.sys
[2012/10/30 09:19:17 | 000,000,129 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2012/10/30 09:05:20 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ygkjx.sys
[2012/10/30 08:17:47 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/30 08:17:46 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/30 08:12:38 | 000,149,552 | -H-- | M] () -- C:\WINDOWS\System32\QRw8jTMd
[2012/10/30 08:11:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/29 23:55:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/29 21:32:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/10/26 16:02:11 | 098,625,692 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/10/24 10:26:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/22 20:32:11 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/22 11:41:39 | 000,017,020 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\Brockenhurst inv.pdf
[2012/10/20 10:44:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/15 21:57:04 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/13 17:14:44 | 000,629,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2012/10/11 01:35:34 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/11 00:46:30 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\My Documents\back up reg key.reg
[2012/10/11 00:28:50 | 078,545,304 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Andrew Grant\Desktop\iTunesSetup.exe
[2012/10/10 09:32:35 | 000,186,515 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front table.jpg
[2012/10/10 09:32:16 | 000,119,629 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back table.jpg
[2012/10/10 09:31:35 | 000,117,767 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone ear phones.jpg
[2012/10/10 09:30:55 | 000,142,954 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front bed.jpg
[2012/10/10 09:30:01 | 000,128,940 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back bed.jpg
[2012/10/10 09:27:58 | 000,117,740 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\i phone plus box etc.jpg
[2012/10/07 22:55:02 | 003,951,047 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\531.2nd.edition.ebook.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/30 15:35:50 | 000,112,256 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\hkM1623
[2012/10/30 15:35:26 | 000,111,616 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\1bBis23
[2012/10/30 14:31:33 | 000,395,248 | -H-- | C] () -- C:\WINDOWS\System32\1bBis23
[2012/10/30 13:52:56 | 000,108,144 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\My Documents\1bBis23
[2012/10/30 09:25:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\acdho.sys
[2012/10/30 09:19:16 | 000,000,129 | ---- | C] () -- C:\Shortcut to CD Drive.lnk
[2012/10/30 09:05:19 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ygkjx.sys
[2012/10/29 23:57:58 | 000,149,552 | -H-- | C] () -- C:\WINDOWS\System32\QRw8jTMd
[2012/10/29 23:54:55 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/10/29 23:54:55 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/10/29 23:54:55 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/29 23:54:54 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
[2012/10/29 10:31:00 | 000,120,800 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\QTRGI23
[2012/10/28 21:18:01 | 000,112,256 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\hkM1623
[2012/10/27 22:28:52 | 000,111,616 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\1bBis23
[2012/10/22 11:41:27 | 000,017,020 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\Brockenhurst inv.pdf
[2012/10/15 21:57:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/12 21:34:41 | 003,951,047 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\531.2nd.edition.ebook.pdf
[2012/10/11 01:35:34 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/11 01:33:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/11 01:33:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/10/11 01:08:27 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/10/11 00:46:30 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\My Documents\back up reg key.reg
[2012/10/10 09:32:35 | 000,186,515 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front table.jpg
[2012/10/10 09:32:16 | 000,119,629 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back table.jpg
[2012/10/10 09:31:35 | 000,117,767 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone ear phones.jpg
[2012/10/10 09:30:55 | 000,142,954 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front bed.jpg
[2012/10/10 09:30:01 | 000,128,940 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back bed.jpg
[2012/10/10 09:27:58 | 000,117,740 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\i phone plus box etc.jpg
[2012/09/06 15:39:25 | 000,180,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/14 08:12:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msnunkernm.dll
[2011/05/15 00:01:13 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswancorem.dll
[2010/07/17 20:27:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gpEpEqel.dat
[2010/04/06 11:08:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\prvlcl.dat
[2009/01/14 17:34:01 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/14 16:36:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 05:49:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 10:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#7
bgm_co
Posted 30 October 2012 - 10:00 AM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Extras.Txt


OTL Extras logfile created on: 30/10/2012 15:37:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andrew Grant\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.98 Mb Total Physical Memory | 381.43 Mb Available Physical Memory | 42.67% Memory free
2.12 Gb Paging File | 1.54 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.67 Gb Total Space | 14.11 Gb Free Space | 12.63% Space Free | Partition Type: NTFS

Computer Name: ANDY | User Name: Andrew Grant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr .exe" = C:\Program Files\Windows Live\Messenger\msnmsgr .exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Andrew Grant\My Documents\Downloads\tinyumbrella-5.00.07.exe" = C:\Documents and Settings\Andrew Grant\My Documents\Downloads\tinyumbrella-5.00.07.exe:*:Enabled:TinyUmbrella - Save your SHSH! -- ()
"C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Savevid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1.4
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5783F2D7-0109-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2002
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{74F28F11-404B-4CEA-92FF-37BF476F239E}" = VirtualDJ PRO Full
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AnswerWorks" = AnswerWorks Runtime
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"AVG9Uninstall" = AVG 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"doPDF 7 printer_is1" = doPDF 7.2 printer
"FitDay_is1" = FitDay PC version 1.0
"GoToAssist" = GoToAssist 8.0.0.508
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Recuva" = Recuva
"SaveVid Plug-in" = SaveVid Plug-in
"Schools Disk 2" = Schools Disk 2 2.7
"SearchAssist" = SearchAssist
"Searchqu 405 MediaBar" = Windows Savevid Toolbar
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Dell Touchpad
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV
"Virtual Plastic Surgery Software - VPSS_is1" = Virtual Plastic Surgery Software - VPSS v1.0
"Volo View Express" = Volo View Express
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.2.3.2)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/10/2012 17:38:29 | Computer Name = ANDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 29/10/2012 17:52:29 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x00c3002c.

Error - 29/10/2012 17:59:12 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 29/10/2012 18:01:33 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.7.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x00e0002c.

Error - 29/10/2012 18:07:05 | Computer Name = ANDY | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 3.0.0.25460, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/10/2012 19:57:34 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.7.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x00e0002c.

Error - 30/10/2012 04:12:39 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 7.7.2.0, faulting module
unknown, version 0.0.0.0, fault address 0x00e0002c.

Error - 30/10/2012 11:28:13 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x000108f0.

Error - 30/10/2012 11:29:41 | Computer Name = ANDY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 30/10/2012 11:32:02 | Computer Name = ANDY | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 30/10/2012 04:14:45 | Computer Name = ANDY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 30/10/2012 10:32:03 | Computer Name = ANDY | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 30/10/2012 10:32:35 | Computer Name = ANDY | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 30/10/2012 10:33:05 | Computer Name = ANDY | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 30/10/2012 11:29:12 | Computer Name = ANDY | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 30/10/2012 11:32:06 | Computer Name = ANDY | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 30/10/2012 11:32:17 | Computer Name = ANDY | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 30/10/2012 11:32:50 | Computer Name = ANDY | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/10/2012 11:33:02 | Computer Name = ANDY | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/10/2012 11:33:24 | Computer Name = ANDY | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >
  • 0

#8
Buddierdl
Posted 30 October 2012 - 05:22 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi bgm_co,

Please do the following steps for me:

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

Step 1: OTL fix

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
[CREATERESTOREPOINT]

:OTL
MOD - [2012/03/14 08:12:48 | 000,131,072 | ---- | M] () -- C:\WINDOWS\system32\msnunkernm.dll

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\hpchsnnp.sys -- (Micorsoft Windows Service)
DRV - [2012/10/30 09:25:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\acdho.sys -- (gnfpvplg)
DRV - [2012/10/30 09:05:20 | 000,061,440 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ygkjx.sys -- (ppep)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- -- (hhgud)

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4

O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [AbbAsqrd] C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found

O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll) - File not found

O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe) - C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found

[2012/10/30 15:35:51 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\hkM1623
[2012/10/30 15:35:28 | 000,111,616 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\1bBis23
[2012/10/30 15:32:06 | 000,120,800 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\QTRGI23
[2012/10/30 15:32:06 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\hkM1623
[2012/10/30 15:32:06 | 000,111,616 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\1bBis23
[2012/10/30 14:32:35 | 000,395,248 | -H-- | M] () -- C:\WINDOWS\System32\1bBis23
[2012/10/30 13:52:57 | 000,108,144 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\My Documents\1bBis23
[2012/10/30 09:25:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\acdho.sys
[2012/10/30 09:05:20 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ygkjx.sys
[2012/10/30 08:12:38 | 000,149,552 | -H-- | M] () -- C:\WINDOWS\System32\QRw8jTMd

[2012/03/14 08:12:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msnunkernm.dll
[2011/05/15 00:01:13 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswancorem.dll

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe"=-

:Files
C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Scan the MBR.


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Step 3: Clear unnecessary and harmful toolbars.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 4: Run a new OTL scan.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    baseservices
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Things I need in your next reply:
  • OTL fix log
  • aswMBR log
  • adwCleaner log
  • New OTL scan log
  • How is your computer running now?

  • 0

#9
bgm_co
Posted 01 November 2012 - 04:44 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Report from (step one) 'rub fix' on OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Releasing module C:\WINDOWS\system32\msnunkernm.dll
C:\WINDOWS\system32\msnunkernm.dll moved successfully.
Service Micorsoft Windows Service stopped successfully!
Service Micorsoft Windows Service deleted successfully!
File C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\hpchsnnp.sys not found.
Error: No service named gnfpvplg was found to stop!
Service\Driver key gnfpvplg not found.
File C:\WINDOWS\system32\drivers\acdho.sys not found.
Error: No service named ppep was found to stop!
Service\Driver key ppep not found.
File C:\WINDOWS\system32\drivers\ygkjx.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service hhgud stopped successfully!
Service hhgud deleted successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Microsoft\Windows\CurrentVersion\Run\\AbbAsqrd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\docume~1\alluse~1\applic~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe deleted successfully.
File C:\Documents and Settings\Andrew Grant\Desktop\hkM1623 not found.
File C:\Documents and Settings\Andrew Grant\Desktop\1bBis23 not found.
File C:\Documents and Settings\Andrew Grant\QTRGI23 not found.
File C:\Documents and Settings\Andrew Grant\hkM1623 not found.
File C:\Documents and Settings\Andrew Grant\1bBis23 not found.
C:\WINDOWS\system32\1bBis23 moved successfully.
File C:\Documents and Settings\Andrew Grant\My Documents\1bBis23 not found.
File C:\WINDOWS\System32\drivers\acdho.sys not found.
File C:\WINDOWS\System32\drivers\ygkjx.sys not found.
C:\WINDOWS\system32\QRw8jTMd moved successfully.
File C:\WINDOWS\System32\msnunkernm.dll not found.
C:\WINDOWS\system32\mswancorem.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim not found.
========== COMMANDS ==========
  • 0

#10
bgm_co
Posted 01 November 2012 - 05:04 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Step 2 txt report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-01 22:52:43
-----------------------------
22:52:43.703 OS Version: Windows 5.1.2600 Service Pack 2
22:52:43.703 Number of processors: 1 586 0x7C02
22:52:43.718 ComputerName: ANDY UserName:
22:52:47.953 Initialize success
22:53:57.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:53:57.625 Disk 0 Vendor: WDC_WD1200BEVS-75UST0 01.01A01 Size: 114473MB BusType: 3
22:53:57.640 Disk 0 MBR read successfully
22:53:57.640 Disk 0 MBR scan
22:53:57.640 Disk 0 Windows XP default MBR code
22:53:57.640 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
22:53:57.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114353 MB offset 240975
22:53:57.812 Disk 0 scanning sectors +234436545
22:53:58.078 Disk 0 scanning C:\WINDOWS\system32\drivers
22:54:31.734 Service scanning
22:55:04.609 Modules scanning
22:55:15.015 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
22:55:19.546 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
22:55:19.562 Disk 0 trace - called modules:
22:55:19.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll atiide.sys
22:55:19.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8518cab8]
22:55:19.953 3 CLASSPNP.SYS[f758505b] -> nt!IofCallDriver -> [0x8511b920]
22:55:19.953 5 PCTCore.sys[f737088f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85169b00]
22:55:19.953 Scan finished successfully
22:56:59.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew Grant\Desktop\MBR.dat"
22:56:59.000 The log file has been saved successfully to "C:\Documents and Settings\Andrew Grant\Desktop\aswMBR.txt"
  • 0

Advertisements

#11
bgm_co
Posted 01 November 2012 - 05:20 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Step 3 adwcleaner log

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 23:05:41
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Andrew Grant - ANDY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew Grant\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\searchplugins\browsemngr.xml
File Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\searchplugins\SearchResults.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\CT2786678
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Andrew Grant\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\uTorrentBar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Program Files\Windows Savevid Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\uTorrentBar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69AADD5F-ECD4-4468-991B-A93B7EDE3445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5DEA66B-4BC2-4CFA-A6B9-85826F43AEBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\uTorrentBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114336&tt=091012_24_4112_2&babsrc=HP_ss&mntrId=040c119d0000000000000016446e12b5 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default
File : C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\prefs.js

C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Sep 19 2011 15:58:32 GMT+0100 (GMT Daylight Tim[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2786678.CurrentServerDate", "24-10-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sun Oct 23 2011 18:26:36 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Wed Aug 10 2011 12:28:03 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2786678.EnableClickToSearchBox", false);
Deleted : user_pref("CT2786678.EnableSearchHistory", false);
Deleted : user_pref("CT2786678.EnableSearchSuggest", false);
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 479);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Wed Aug 10 2011 12:07:53 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "27-7-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Tue Jul 26 2011 22:37:11 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Mon Oct 24 2011 18:48:06 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Thu Aug 18 2011 19:30:10 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Mon Sep 19 2011 15:58:32 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Mon Oct 24 2011 16:35:35 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Yahoo! Search");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Oct 24 2011 18:48:03 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Mon Oct 24 2011 18:48:03 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Oct 25 2011 08:16:14 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Oct 23 2011 18:26:30 GMT+0100 (GMT Dayligh[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN51527328014843754");
Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Wed Aug 10 2011 12:08:08 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5765642053657020323820323031312031343A33323A30332[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F7[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333139343833333938383833");
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.components.129309485163350924", false);
Deleted : user_pref("CT2786678.components.129309489763975460", false);
Deleted : user_pref("CT2786678.components.129315411424256896", false);
Deleted : user_pref("CT2786678.components.129513460540910967", false);
Deleted : user_pref("CT2786678.components.129526967958500204", false);
Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 24 2011 16:35:31 GMT+0100 (GMT Dayl[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Mon Oct 24 2011 18:48:06 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Tue Oct 18 2011 13:55:11 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2786678.usageEnabled", false);
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Andrew Grant\\App[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://uk.yhs.search.yahoo.com/avg/searc[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Aug 08 2011 22:48:43 GMT+0100 (GMT[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "59a6e449-37b6-456d-b506-7a1f5d31a7e8");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 18 2011 13:55:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 24 2011 18:48:11 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 24 2011 18:48:03 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "41bef9ae-8b27-4f68-998c-02016244d7ad");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114336&tt=091012_24_4112_2&b[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "040c119d0000000000000016446e12b5");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15624");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "bbcln");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.72:03:02");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114336&tt=091012_24_4112_2&babsrc=KW_ss&m[...]

*************************

AdwCleaner[S1].txt - [24054 octets] - [01/11/2012 23:05:41]

########## EOF - C:\AdwCleaner[S1].txt - [24115 octets] ##########
  • 0

#12
bgm_co
Posted 01 November 2012 - 05:40 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Step 4 OTL log report

OTL logfile created on: 01/11/2012 23:19:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andrew Grant\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.98 Mb Total Physical Memory | 166.69 Mb Available Physical Memory | 18.65% Memory free
2.12 Gb Paging File | 1.43 Gb Available in Paging File | 67.75% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.67 Gb Total Space | 12.50 Gb Free Space | 11.19% Space Free | Partition Type: NTFS

Computer Name: ANDY | User Name: Andrew Grant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 15:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
PRC - [2012/09/28 10:08:26 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/01/26 19:44:59 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2010/12/09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/25 10:38:54 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/25 10:38:53 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 09:51:06 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 20:32:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 20:32:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 20:31:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2010/01/21 23:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/18 13:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 21:01:30 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/21 01:35:02 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/01 23:15:34 | 000,131,072 | ---- | M] () -- C:\WINDOWS\system32\msnunkernm.dll
MOD - [2010/12/09 19:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/21 23:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2007/10/09 04:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 04:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/27 17:27:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 10:08:26 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 18:12:14 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/25 10:38:54 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/17 20:32:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/17 20:32:18 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/09 11:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/15 14:39:42 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/01/21 23:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/21 23:02:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/18 13:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 14:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/15 09:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/03/14 17:34:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/02/21 01:35:02 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/09/13 07:45:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/06 13:43:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 20:32:24 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/17 20:32:24 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/17 20:32:23 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/17 20:32:23 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/17 20:32:03 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/24 16:55:59 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/22 00:18:28 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/03/22 00:18:28 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/23 15:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 14:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/09 04:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/23 14:07:28 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2007/04/23 21:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/23 21:01:28 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/23 21:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=1080312
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080312
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=1080312
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Andrew Grant\Application Data\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Andrew Grant\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 07:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/07 21:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/07 21:16:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 17:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 17:27:24 | 000,000,000 | ---D | M]

[2011/11/10 23:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Extensions
[2012/11/01 23:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions
[2010/07/18 21:07:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/16 08:33:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/04 18:57:37 | 000,030,312 | ---- | M] () (No name found) -- C:\Documents and Settings\Andrew Grant\Application Data\Mozilla\Firefox\Profiles\enkhpuh9.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/10/27 17:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 17:27:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 17:27:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 22:10:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/18 09:33:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/28 22:10:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/28 22:10:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/19 21:59:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/28 22:10:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/30 23:30:26 | 000,000,055 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [QuickTime Task] C:\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [AbbAsqrd] C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe File not found
O4 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1944460700-2308815227-87070531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B14DADC0-9112-4333-A6E6-D807C5FD25E7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe) - C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\rxjniqim\abbasqrd.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/01 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/11/01 22:50:23 | 004,833,280 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Andrew Grant\Desktop\aswMBR.exe
[2012/11/01 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/01 21:54:24 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/10/30 15:24:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
[2012/10/29 12:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew Grant\Application Data\vlc
[2012/10/27 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/15 21:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/10/15 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/11 01:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/10/11 01:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/11 01:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/11 01:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/11 01:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/10/11 01:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/10/11 01:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/10/11 01:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2012/10/11 00:15:11 | 078,545,304 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Andrew Grant\Desktop\iTunesSetup.exe

========== Files - Modified Within 30 Days ==========

[2012/11/01 23:12:48 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/11/01 23:11:31 | 000,145,360 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\1bBis23
[2012/11/01 23:10:35 | 000,129,088 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\1bBis23
[2012/11/01 23:09:24 | 000,149,552 | -H-- | M] () -- C:\WINDOWS\System32\QRw8jTMd
[2012/11/01 23:08:47 | 000,116,784 | -H-- | M] () -- C:\WINDOWS\System32\1bBis23
[2012/11/01 23:08:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/01 23:07:21 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\hkM1623
[2012/11/01 23:03:54 | 000,540,977 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\adwcleaner.exe
[2012/11/01 22:56:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\MBR.dat
[2012/11/01 22:51:50 | 004,833,280 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Andrew Grant\Desktop\aswMBR.exe
[2012/11/01 22:50:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\prvlcl.dat
[2012/11/01 21:55:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/30 15:35:51 | 000,112,256 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\hkM1623
[2012/10/30 15:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew Grant\Desktop\OTL.exe
[2012/10/30 15:32:06 | 000,120,800 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\QTRGI23
[2012/10/30 14:47:38 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\HiJackThis.lnk
[2012/10/30 13:52:57 | 000,108,144 | -H-- | M] () -- C:\Documents and Settings\Andrew Grant\My Documents\1bBis23
[2012/10/30 09:19:17 | 000,000,129 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2012/10/30 08:17:47 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/30 08:17:46 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/29 23:55:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/29 21:32:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/10/26 16:02:11 | 098,625,692 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/10/24 10:26:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/22 20:32:11 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/22 11:41:39 | 000,017,020 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\Brockenhurst inv.pdf
[2012/10/20 10:44:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/15 21:57:04 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/13 17:14:44 | 000,629,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2012/10/11 01:35:34 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/11 00:46:30 | 000,002,624 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\My Documents\back up reg key.reg
[2012/10/11 00:28:50 | 078,545,304 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Andrew Grant\Desktop\iTunesSetup.exe
[2012/10/10 09:32:35 | 000,186,515 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front table.jpg
[2012/10/10 09:32:16 | 000,119,629 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back table.jpg
[2012/10/10 09:31:35 | 000,117,767 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone ear phones.jpg
[2012/10/10 09:30:55 | 000,142,954 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front bed.jpg
[2012/10/10 09:30:01 | 000,128,940 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back bed.jpg
[2012/10/10 09:27:58 | 000,117,740 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\i phone plus box etc.jpg
[2012/10/07 22:55:02 | 003,951,047 | ---- | M] () -- C:\Documents and Settings\Andrew Grant\Desktop\531.2nd.edition.ebook.pdf

========== Files Created - No Company Name ==========

[2012/11/01 23:03:46 | 000,540,977 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\adwcleaner.exe
[2012/11/01 22:56:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\MBR.dat
[2012/11/01 22:29:30 | 000,149,552 | -H-- | C] () -- C:\WINDOWS\System32\QRw8jTMd
[2012/11/01 22:28:56 | 000,116,784 | -H-- | C] () -- C:\WINDOWS\System32\1bBis23
[2012/10/30 15:35:50 | 000,112,256 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\hkM1623
[2012/10/30 15:35:26 | 000,129,088 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\1bBis23
[2012/10/30 13:52:56 | 000,108,144 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\My Documents\1bBis23
[2012/10/30 09:19:16 | 000,000,129 | ---- | C] () -- C:\Shortcut to CD Drive.lnk
[2012/10/29 23:54:55 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/10/29 23:54:55 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/10/29 23:54:55 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/29 23:54:54 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register Mask Pro 3.0.lnk
[2012/10/29 10:31:00 | 000,120,800 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\QTRGI23
[2012/10/28 21:18:01 | 000,112,256 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\hkM1623
[2012/10/27 22:28:52 | 000,145,360 | -H-- | C] () -- C:\Documents and Settings\Andrew Grant\1bBis23
[2012/10/22 11:41:27 | 000,017,020 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\Brockenhurst inv.pdf
[2012/10/15 21:57:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/10/12 21:34:41 | 003,951,047 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\531.2nd.edition.ebook.pdf
[2012/10/11 01:35:34 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/11 01:33:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/11 01:33:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/10/11 01:08:27 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/10/11 00:46:30 | 000,002,624 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\My Documents\back up reg key.reg
[2012/10/10 09:32:35 | 000,186,515 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front table.jpg
[2012/10/10 09:32:16 | 000,119,629 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back table.jpg
[2012/10/10 09:31:35 | 000,117,767 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone ear phones.jpg
[2012/10/10 09:30:55 | 000,142,954 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone front bed.jpg
[2012/10/10 09:30:01 | 000,128,940 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\iphone back bed.jpg
[2012/10/10 09:27:58 | 000,117,740 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Desktop\i phone plus box etc.jpg
[2012/09/06 15:39:25 | 000,180,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/10 23:07:19 | 000,009,846 | ---- | C] () -- C:\WINDOWS\System32\mswancorem.dll
[2011/12/01 23:15:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\msnunkernm.dll
[2010/07/17 20:27:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gpEpEqel.dat
[2010/04/06 11:08:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\prvlcl.dat
[2009/01/14 17:34:01 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/14 16:36:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew Grant\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 05:49:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 10:01:53 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2004/08/04 05:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 05:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 05:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2006/05/19 12:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/02/20 05:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 10:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
No service found with a name of EapHost
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/04 05:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 00:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2004/08/04 05:00:00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 05:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2005/08/22 18:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 10:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2005/06/10 23:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 05:00:00 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2006/06/22 10:47:18 | 000,181,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 10:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2004/08/04 05:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 05:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/12/07 19:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/04 05:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 05:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 05:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2005/07/08 16:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/04 05:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2006/12/19 21:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/04 05:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 05:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2006/12/19 18:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2005/05/04 12:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/08/04 05:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
No service found with a name of Dot3Svc
SRV - [2004/08/04 05:00:00 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 06:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E3D650
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#13
Buddierdl
Posted 02 November 2012 - 07:53 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi bgm_co,


Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

How is your computer running?
  • 0

#14
bgm_co
Posted 02 November 2012 - 03:00 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi,
I can not open iexplorer at all.
And the http://www.eset.com/us/online-scanner/ also won't open in any browsers. I have managed to download it to my dropbox from my iPhone then opened it on my laptop from dropbox.
When I click 'start' on eset online scanner it comes up with a message "can not get update, is proxy configured?"

The computeris still showing a message when started that virtual memory is low, the computer is running slow and still doesn't open some webpages..
  • 0

#15
bgm_co
Posted 02 November 2012 - 03:46 PM

bgm_co

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
On windows loading up

I get these messages:

DDmSetvices.exe application error
DLG.exe application error


QuickTime Task has encountered a problem and needs to close. We are sorry for the inconvenience.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP