safc4life11

Tech Info

  • Experience
    beginner
  • System: windows_xp_home

  1. Done step 1 and yeah was good, I managed to delete the trojan but took a couple of days and was nail-biting stuff as my mum used to occasionally use my comp lol. And it's running a lot faster generally doing the normal tasks and seems way faster on start-up as I have also reduced the number of programs that start on start-up. Also no crashes or freezes, so it's going a lot better :) Thanks again Angus
  2. Done all three steps and thanks again Angus, here's the first OTL code:
18:00:04 | 000,119,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\dxsdkuninst.exe [2011/05/25 17:52:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2011/05/25 17:52:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2011/05/25 17:52:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2011/05/25 17:52:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2011/05/25 17:52:17 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2011/05/25 17:52:16 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2011/05/25 17:52:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2011/05/25 17:52:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2011/05/25 17:52:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2011/05/25 17:52:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2011/05/25 17:52:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2011/05/25 17:52:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2011/05/25 17:52:05 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2011/05/25 17:52:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2011/05/25 17:52:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2011/05/25 17:51:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2011/05/25 17:51:56 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2011/05/25 17:51:54 | 000,453,456 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2011/05/25 17:51:53 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2011/05/25 17:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011/05/25 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2011/05/25 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV [2011/05/25 17:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angus\Application Data\InstallShield [2011/05/25 17:44:46 | 000,000,000 | ---D | C] -- C:\ATI [2011/05/20 21:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angus\Application Data\Malwarebytes [2011/05/20 21:14:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/05/20 21:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/20 21:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/05/20 21:14:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/05/20 21:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/19 23:35:50 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/05/19 23:27:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011/05/19 22:42:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Angus\Recent [2011/05/19 15:41:12 | 000,000,000 | -H-D | C] -- C:\$AVG [2011/05/19 14:45:11 | 006,533,152 | ---- | C] (Xobni) -- C:\Documents and Settings\Angus\XobniSetup.exe [2011/05/19 14:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xobni [2011/05/19 14:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angus\Application Data\AVG10 [2011/05/19 14:41:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common 
Files [2011/05/19 14:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011 [2011/05/19 14:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2011/05/19 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2011/05/19 14:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011/05/19 14:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [1 C:\Documents and Settings\Angus\My Documents\*.tmp files -> C:\Documents and Settings\Angus\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/05/26 13:12:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1451839525-625635-370588486-1006.job [2011/05/26 13:12:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1451839525-625635-370588486-1006.job [2011/05/26 13:12:05 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/05/26 13:11:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/05/26 13:11:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/26 13:11:32 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys [2011/05/26 13:10:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2011/05/26 13:06:54 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Angus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/05/26 13:06:48 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Angus\Desktop\NTREGOPT.lnk [2011/05/26 13:06:48 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Angus\Desktop\ERUNT.lnk [2011/05/26 12:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/05/26 11:36:38 | 116,111,724 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/05/25 18:13:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2011/05/25 
18:00:04 | 000,119,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\dxsdkuninst.exe [2011/05/24 07:41:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Angus\Desktop\MBR.dat [2011/05/20 23:43:28 | 003,541,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/05/20 21:14:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/20 20:58:35 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FMRTE.lnk [2011/05/20 11:53:45 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2011/05/19 23:35:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/05/19 22:45:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/19 14:45:32 | 006,533,152 | ---- | M] (Xobni) -- C:\Documents and Settings\Angus\XobniSetup.exe [2011/05/19 14:41:26 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/05/18 20:00:35 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Angus\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk [2011/05/18 20:00:35 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk [2011/05/18 19:46:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/10 07:35:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [1 C:\Documents and Settings\Angus\My Documents\*.tmp files -> C:\Documents and Settings\Angus\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/26 13:06:54 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Angus\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011/05/26 13:06:48 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Angus\Desktop\NTREGOPT.lnk [2011/05/26 13:06:48 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Angus\Desktop\ERUNT.lnk [2011/05/26 11:36:38 
| 116,111,724 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/05/24 07:41:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Angus\Desktop\MBR.dat [2011/05/20 21:14:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/20 11:53:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2011/05/19 14:41:26 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/05/18 20:00:35 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk [2011/05/18 20:00:35 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk [2011/05/05 23:25:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/03/07 22:23:58 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2011/02/25 11:32:01 | 002,196,870 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1451839525-625635-370588486-1006-0.dat [2011/02/25 11:32:00 | 000,328,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2010/09/06 15:20:14 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2010/09/05 20:47:12 | 000,215,075 | ---- | C] () -- C:\WINDOWS\hpoins35.dat [2010/09/05 20:47:12 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat [2010/09/05 19:18:22 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat.temp [2010/06/18 07:16:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/01/09 18:44:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009/12/02 17:58:18 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Angus\Application Data\PnkBstrK.sys [2009/12/02 17:58:18 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009/12/02 17:58:04 | 
000,189,480 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009/12/02 17:58:03 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2009/12/02 17:58:03 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009/04/15 14:51:06 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/02/04 20:51:57 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll [2008/11/11 22:36:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/08/13 15:18:04 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/08/10 11:52:20 | 000,001,132 | ---- | C] () -- C:\WINDOWS\unins001.dat [2008/04/30 22:12:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll [2008/04/30 22:12:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL [2008/04/30 22:12:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL [2008/04/08 21:37:57 | 000,069,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/01/26 19:20:55 | 000,137,623 | ---- | C] () -- C:\WINDOWS\HPHins15.dat [2008/01/26 19:20:55 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat [2007/09/05 15:54:17 | 000,001,506 | ---- | C] () -- C:\WINDOWS\btclick.ini [2007/06/24 20:37:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2007/06/24 20:37:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2007/05/20 10:15:54 | 000,000,101 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007/01/18 16:54:29 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Angus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/07/28 15:04:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\igBrowse.exe [2006/04/01 18:29:27 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All 
Users\Application Data\QTSBandwidthCache [2006/02/02 11:16:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/01/21 16:07:44 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/01/21 16:07:44 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\42AD1CF8B5.sys [2006/01/21 16:01:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe [2006/01/13 22:56:34 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini [2006/01/04 15:13:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/01/04 15:08:37 | 000,002,654 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006/01/04 15:07:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/01/04 15:05:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2006/01/04 15:01:34 | 000,005,811 | R--- | C] () -- C:\WINDOWS\System32\CTSBMB.INI [2006/01/04 14:42:28 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini [2006/01/04 14:42:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/01/04 14:42:02 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL [2006/01/04 14:42:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SETLANG.EXE [2006/01/04 14:41:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe [2006/01/04 14:41:34 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006/01/04 14:41:14 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/10 13:57:15 | 003,541,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/10 13:51:21 | 
ESET report:
C:\WINDOWS\system32\drivers\etc\hosts.msn Win32/Qhost trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05262011_131004\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan

Don't like to see the word trojan after I had one a couple of years back that was an absolute nightmare, it would have a web page pop up and to the front every 2 seconds saying I owed some porn website money lol. Had to download spyware doctor which found the file but would not remove it as it was the free version. But it gave me the location so I was able to find it and then cut it and paste it into the recycling box lol.
  3. Done all down to Trusted Zone Warning but at this point it showed there weren't any sites in the trusted area on Explorer and I couldn't find an area on Firefox where the trusted sites would be, is it just bookmarked sites?

Done step 1, step 2 I have attached the file for the log as I was unable to view it after I saved it because I don't have the software to do so and step 3 I have no idea what that is lol. Thanks for your help Angus

Edit: Unless this is all you need

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 07:40:59
-----------------------------
07:40:59.062 OS Version: Windows 5.1.2600 Service Pack 3
07:40:59.062 Number of processors: 2 586 0x403
07:40:59.062 ComputerName: D8G0012J UserName: Angus
07:41:00.453 Initialize success
07:41:20.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:41:20.812 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 3
07:41:20.843 Disk 0 MBR read successfully
07:41:20.843 Disk 0 MBR scan
07:41:20.843 Disk 0 unknown MBR code
07:41:20.859 Disk 0 scanning sectors +488263545
07:41:20.890 Disk 0 scanning C:\WINDOWS\system32\drivers
07:41:34.093 Service scanning
07:41:35.078 Disk 0 trace - called modules:
07:41:35.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
07:41:35.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acbcab8]
07:41:35.078 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ace8030]
07:41:35.078 Scan finished successfully
07:41:59.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Angus\Desktop\MBR.dat"
07:41:59.062 The log file has been saved successfully to "C:\Documents and Settings\Angus\Desktop\aswMBR.txt"

aswMBR.txt
  4. OTL Extras:
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Steam\SteamApps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\SteamApps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource 
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar) "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar) "{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar) "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone "{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = 
dj_sf_software_req "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software "{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = 
DocProc "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A088AF9D-0B94-4C33-B327-E5B494CE810B}" = PS_AIO_05_C309_Software_Min "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer "{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011 "{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU 
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}" = Advancing Physics AS Student Standalone Edition "{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3D Windows XP" = 3D Windows XP Screen Saver "3DGroove" = OTOY "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Akamai" = Akamai NetSession Interface "Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2 "AnarkClient" = Anark Client 1.0 "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "Autodesk Express Viewer" = Autodesk Express Viewer "AVG" = AVG 2011 
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop "Belarc Advisor" = Belarc Advisor 8.1 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DellSupport" = Dell Support 5.0.0 (630) "DriverAgent.exe" = DriverAgent by eSupport.com "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010) "EADM" = EA Download Manager "FrostWire" = FrostWire 4.21.3 "Google Updater" = Google Updater "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "igLoader" = igLoader "IHMC CmapTools v5.03" = IHMC CmapTools v5.03 "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "lvdrivers_11.90" = Logitech QuickCam Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PPLive" = PPLive 1.9 "PROSet" = Intel® PRO Network Connections Drivers "PunkBusterSvc" = PunkBuster Services "RealPlayer 12.0" = RealPlayer "Sina Web TV" = Sina Web TV "SopCast" = SopCast 2.0.4 "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration "Steam App 34220" = Football Manager 2011 
"StreetPlugin" = Learn2 Player (Uninstall Only) "SystemRequirementsLab" = System Requirements Lab "TVUPlayer" = TVUPlayer 2.4.5.1 "UnityWebPlayer" = Unity Web Player "Veetle TV" = Veetle TV 0.9.18 "ViewpointMediaPlayer" = Viewpoint Media Player "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WhiteCap" = WhiteCap "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3762933560.skyplayer.sky.com" = Sky Player Desktop "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.0.0 "Power Loader" = Power Challenge Game Plugin "Puzzle Pirates" = Puzzle Pirates ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19/05/2011 09:42:03 | Computer Name = D8G0012J | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error - 19/05/2011 13:15:32 | Computer Name = D8G0012J | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 19/05/2011 15:06:23 | Computer Name = D8G0012J | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/05/2011 15:06:24 | Computer Name = D8G0012J | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/05/2011 17:29:49 | Computer Name = D8G0012J | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 19/05/2011 17:47:18 | Computer Name = D8G0012J | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 19/05/2011 18:37:05 | Computer Name = D8G0012J | Source = Sophos Anti-Virus | ID = 131073 Description = Error - 19/05/2011 18:37:05 | Computer Name = D8G0012J | Source = Sophos Anti-Virus | ID = 131073 Description = Error - 20/05/2011 06:21:29 | Computer Name = D8G0012J | Source = Application Hang | ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 20/05/2011 17:37:49 | Computer Name = D8G0012J | Source = Application Error | ID = 1000 Description = Faulting application fm.exe, version 11.3.0.47461, faulting module fm.exe, version 11.3.0.47461, fault address 0x0103f9c2. 
[ OSession Events ] Error - 20/09/2008 17:40:59 | Computer Name = D8G0012J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 23/09/2008 13:55:31 | Computer Name = D8G0012J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 03/10/2008 13:00:44 | Computer Name = D8G0012J | Source = Microsoft Office 12 Sessions | ID = 7001 Description = [ System Events ] Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The PnkBstrA service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The PnkBstrB service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The Process Monitor service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7031 Description = The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 
Error - 21/05/2011 08:35:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7034 Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s). Error - 21/05/2011 08:37:47 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7000 Description = The Intel® AnyPoint® 3240 USB Modem Firmware Loader service failed to start due to the following error: %%1058 Error - 21/05/2011 10:07:06 | Computer Name = D8G0012J | Source = Service Control Manager | ID = 7000 Description = The Intel® AnyPoint® 3240 USB Modem Firmware Loader service failed to start due to the following error: %%1058 < End of report >
  5. Done that now, here's the reports

     MBAM:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6633

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     21/05/2011 15:03:38
     mbam-log-2011-05-21 (15-03-38).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 301043
     Time elapsed: 1 hour(s), 19 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 10

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215760.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215763.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215764.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215767.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215785.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215786.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215787.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1361\A0215789.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

     OTL:

     OTL logfile created on: 21/05/2011 15:23:30 - Run 1
     OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Angus\My Documents\Downloads
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

     3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
     7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
     Paging file location(s): C:\pagefile.sys 4605 4605 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 229.76 Gb Total Space | 153.99 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
     Drive D: | 650.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     Computer Name: D8G0012J | User Name: Angus | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - C:\Documents and Settings\Angus\My Documents\Downloads\OTL.scr (OldTimer Tools)
     PRC - C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
     PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
     PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
[2010/01/09 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angus\Application Data\World-LooM [2010/10/30 11:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angus\Application Data\yoclient [2008/06/26 22:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angus\Application Data\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C04CAC43 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B1330FD @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B3C619 @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538DC028 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C842E4A5 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 < End of report > The other report will be in the next post as it said it was too long Thanks for all the help everyone really appriciate it
  6. Downloaded that, thanks. It said it removed 750 lol, and I have looked into the reinstall but I don't think I have any driver disks. I'm going to have a good look for them in the garage but not sure I'll find them, unfortunately.
  7. Yea, sounds like a lot of work and money, and as I wouldn't be able to do the work myself I think I will probably just buy. My current machine would still be OK if I had had some virus protection, but the fact is it has only been protected by the Windows firewall for the last 5 years, and as I'm an 18 year old lad it's been very fortunate not to get something that would have crippled the machine. But because of this it just runs slower than a sloth, and I've tried to delete unwanted things and installed AVG Free yesterday, which found over 9000 viruses, spyware etc. on its search, but it's still too slow. Thanks for your help and advice, Angus
  8. Sorry, yea, it's not very clear. I currently have the Dell Dimension 9150:
     OS: Windows XP 32 bit
     Processor: 3.00 gigahertz Intel Pentium 4, 16 kilobyte primary memory cache, 2048 kilobyte secondary memory cache
     Motherboard: DXP051
     RAM: 3Gb installed, maximum is 4Gb but XP 32 bit would only recognize 3.5Gb
     Graphics: RADEON X600 256MB HyperMemory
     PSU: 375W
     And I wondered if I would be able to upgrade my processor or whether I would need to change the Mobo, PSU etc. The option if I'm not able to upgrade would be to buy this:
     OS: Windows 7 64 bit
     Processor: Intel® Core™ i5-650 Processor 3.20 GHz, 2.5 GT/s DMI, 4M Intel® Smart Cache
     RAM: 3Gb installed, maximum is 8Gb and as far as I'm aware Windows would recognize all 8Gb
     Graphics: ATI® Radeon™ HD5450 graphics, 512MB dedicated memory
     Lastly, I'm not an expert at all; the most I have done is to add 2Gb of RAM to my current Dell, so please use the dumbed down talk lol. And what price would you expect to pay for the comp I may buy? Thanks again, Angus
  9. Hi, I have a Dell Dimension 9150. Here are my specs:
     Operating System
       Windows XP Home Edition Service Pack 3 (build 2600)
       System Locale: English
     System Model
       Dell Inc. Dell DXP051
       System Service Tag: 8G0012J
       Chassis Serial Number: 8G0012J
       Enclosure Type: Tower
     Processor
       3.00 gigahertz Intel Pentium 4
       16 kilobyte primary memory cache
       2048 kilobyte secondary memory cache
       64-bit ready
       Hyper-threaded (2 total)
     Main Circuit Board
       Board: Dell Inc. 0YC523
       Serial Number: ..CN708215B9E085.
       Bus Clock: 800 megahertz
       BIOS: Dell Inc. A02 10/28/2005
     Drives
       246.70 Gigabytes Usable Hard Drive Capacity
       156.84 Gigabytes Hard Drive Free Space
       SONY CD-RW CRX217E [Optical drive]
       TSSTcorp DVD-ROM TS-H352C [Optical drive]
       TEAC USB HS-CF Card USB Device [Hard drive] -- drive 1
       TEAC USB HS-MS Card USB Device [Hard drive] -- drive 3
       TEAC USB HS-SD Card USB Device [Hard drive] -- drive 4
       TEAC USB HS-xD/SM USB Device [Hard drive] -- drive 2
       WDC WD2500JS-75NCB1 [Hard drive] (250.00 GB) -- drive 0, SMART Status: Healthy
     Memory Modules
       3072 Megabytes Usable Installed Memory
       Slot 'DIMM_1' has 512 MB
       Slot 'DIMM_3' has 1024 MB (serial number 050F9323)
       Slot 'DIMM_2' has 512 MB
       Slot 'DIMM_4' has 1024 MB (serial number 050F9623)
     Is there anything I can do to increase the speed, like change the processor, or will there be too many problems because of the motherboard and power supply etc.? Also, if that is the case, would this comp be suitable for word processing, internet browsing and a bit of gaming such as Football Manager 2011, Sims 3 and Age of Empires 3?
     Processor: Intel® Core™ i5-650 Processor - 3.20 GHz - 2.5 GT/s DMI - 4M Intel® Smart Cache
     Operating System: Genuine Windows® 7 Home Premium 64-bit
     RAM: 3GB installed DDR3 RAM - supports 8GB maximum DDR3 RAM
     Graphics card: ATI® Radeon™ HD5450 graphics - 512MB dedicated memory
     Hard drive: 500GB SATA 7200rpm
     Lastly, would it be better to find a computer with the i5-750 as opposed to the i5-650 due to it being a quad, or is it not worth the extra money?
Thanks Angus