Personal security problem

2 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

Personal security problem28th February 2010, 5:42 pm

I'm having serious problems with this programme, I cannot access my isp or internet explorer (this is our laptop), I cannot run any malware programmes to stop this. Everthing I try just keeps on being stopped. The computer freezes all the time, I've spent hours on this and it just seems to be getting worse freezing all the time. Is there anyone there that can help me? I've tried going into safe mode and nothing much is working there either, Please help!!

Regards, Ramona

Re: Personal security problem28th February 2010, 10:31 pm

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

OTL Log28th February 2010, 10:57 pm

OTL logfile created on: 28/02/2010 22:54:29 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 211.02 Gb Free Space | 73.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.43% Space Free | Partition Type: NTFS
Drive E: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMONA-PC
Current User Name: Ramona
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/24 18:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe
PRC - [2006/12/05 11:40:44 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
PRC - [2006/11/10 12:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/13 23:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe

========== Modules (SafeList) ==========

MOD - [2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2006/11/10 11:53:27 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\idleproc.dll
MOD - [2003/08/13 01:17:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 07:12:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 07:12:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/06 00:29:26 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/28 23:22:23 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfeb319e3319) Google Update Service (gupdate1c9dfeb319e3319)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/15 12:38:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/28 04:50:12 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/12/02 17:34:30 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Stopped] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

O1 HOSTS File: ([2010/02/28 20:06:05 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (&Security Update) - {04DFB628-514B-4E68-9076-DC1024F58A96} - C:\Windows\System32\win32extension.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {c4050ae5-e899-357f-e583-3eb0447d2141} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O24 - Desktop BackupWallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/15 20:32:42 | 000,000,111 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- [2007/06/19 22:48:38 | 000,204,680 | R--- | M] ()
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell\AutoRun\command - "" = J:\VFPcAssistant.exe -- File not found
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\AutoRun\command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\explore\Command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\open\Command - "" = e2e2~1\e2e2~1\pal.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/28 22:47:00 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/02/28 18:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\Malwarebytes
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\PC Tools
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/28 13:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/28 13:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/27 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/27 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\PersSecurity
[2010/02/26 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Local\AOL Broadband Toolbar
[2010/02/25 23:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Broadband Toolbar
[2010/02/25 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Broadband Toolbar
[2010/02/25 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/25 23:32:18 | 000,000,000 | ---D | C] -- C:\Windows\aolshare
[2010/02/25 23:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.1 Beta
[2010/02/25 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Radio_Bar_1
[2010/02/18 19:59:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2009/07/08 13:59:47 | 000,417,887 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/28 22:50:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/28 22:50:58 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/28 22:50:58 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/02/28 22:44:56 | 000,000,252 | ---- | M] () -- C:\Windows\win.ini
[2010/02/28 22:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/28 22:42:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/28 22:42:18 | 002,359,296 | -HS- | M] () -- C:\Users\Ramona\ntuser.dat
[2010/02/28 22:42:18 | 000,524,288 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/28 22:42:18 | 000,065,536 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/28 22:42:15 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/28 22:41:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 22:41:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 22:41:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 22:40:28 | 002,381,925 | -H-- | M] () -- C:\Users\Ramona\AppData\Local\IconCache.db
[2010/02/28 22:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:06:08 | 000,000,691 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2010/02/28 20:06:08 | 000,000,035 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2010/02/28 20:06:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/28 11:03:04 | 000,066,368 | ---- | M] () -- C:\Users\Ramona\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/27 13:21:33 | 000,000,877 | ---- | M] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
[2010/02/27 13:21:27 | 000,632,320 | ---- | M] () -- C:\Windows\System32\win32extension.dll
[2010/02/27 08:55:32 | 056,305,693 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/27 01:04:10 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences.dat
[2010/02/27 00:57:15 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences2.dat
[2010/02/25 23:34:19 | 000,000,857 | ---- | M] () -- C:\Windows\aolback.exe.lnk
[2010/02/25 23:34:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/25 05:19:52 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/21 22:28:46 | 000,001,436 | ---- | M] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/21 22:27:18 | 000,001,672 | ---- | M] () -- C:\Users\Ramona\Desktop\CCleaner.lnk
[2010/02/20 13:29:42 | 000,007,870 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2010/02/17 15:46:02 | 000,011,056 | ---- | M] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 13:21:34 | 000,000,244 | ---- | C] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/27 13:21:33 | 000,000,877 | ---- | C] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
[2010/02/27 13:21:26 | 000,632,320 | ---- | C] () -- C:\Windows\System32\win32extension.dll
[2010/02/25 23:34:19 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/21 22:28:44 | 000,001,436 | ---- | C] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/17 15:45:57 | 000,011,056 | ---- | C] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[2010/02/13 00:28:01 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009/12/06 00:04:42 | 000,320,718 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/09/11 04:57:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 05:01:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/09 09:19:49 | 000,249,872 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vp5zb
[2009/07/09 08:57:57 | 000,393,232 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.3xbocca
[2009/07/09 08:36:07 | 000,258,064 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2g5k2
[2009/07/09 08:14:17 | 000,172,048 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.e7by1
[2009/07/09 07:52:26 | 000,196,624 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gzlqu
[2009/07/09 07:30:36 | 000,090,128 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.18w2zno
[2009/07/09 07:08:45 | 000,032,784 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.pwgg5
[2009/07/09 06:46:55 | 000,180,240 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.rjhd88s
[2009/07/09 06:25:04 | 000,143,376 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.edjyw
[2009/07/09 06:03:14 | 000,155,664 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.1jlyiy
[2009/07/09 05:41:23 | 000,061,456 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.jwoecv
[2009/07/09 05:19:33 | 000,000,016 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.cnus8
[2009/07/09 04:57:43 | 000,315,408 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ciupwdy
[2009/07/09 04:35:52 | 000,028,688 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.4b6994
[2009/07/09 04:14:01 | 000,163,856 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gfk01j4
[2009/07/09 03:51:59 | 000,225,296 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.mgi0ju
[2009/07/09 03:30:03 | 000,397,328 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.llcevk
[2009/07/09 03:08:11 | 000,098,320 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.g386g
[2009/07/09 02:46:21 | 000,270,352 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.qxndr50
[2009/07/09 02:24:30 | 000,114,704 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vx8074k
[2009/07/09 02:02:39 | 000,364,560 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2prga7
[2009/07/09 01:40:49 | 000,311,312 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.t6l5l
[2009/07/09 01:18:56 | 000,073,744 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.h9nsnnz
[2009/07/09 00:57:05 | 000,204,816 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ykhhtj
[2009/07/09 00:35:14 | 000,208,912 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.f49c6r6
[2009/07/03 20:48:05 | 000,102,416 | ---- | C] () -- C:\ProgramData\Mode Pile Beep.0or25d4
[2009/07/03 20:47:43 | 000,053,264 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.s5j5bxq
[2009/07/03 20:47:42 | 000,024,592 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.5ypgb1
[2009/06/01 10:01:17 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\5654D927AE.sys
[2009/06/01 10:01:16 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/06/01 09:41:12 | 001,353,296 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009/04/02 18:27:01 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/11/07 19:56:07 | 000,001,356 | ---- | C] () -- C:\Users\Ramona\AppData\Local\d3d9caps.dat
[2008/10/31 08:55:44 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008/09/20 10:35:58 | 000,000,691 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2008/09/20 10:35:58 | 000,000,035 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2008/09/09 22:03:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/25 22:41:43 | 000,023,040 | ---- | C] () -- C:\Users\Ramona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 21:27:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\GsiDi32.dll
[2008/07/21 21:20:36 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2008/07/21 20:27:25 | 000,007,870 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2008/07/15 21:06:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/15 21:06:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/15 21:06:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/15 21:06:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/15 21:06:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/07/15 12:27:40 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

========== LOP Check ==========

[2009/10/01 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\acccore
[2008/11/26 05:10:20 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\LimeWire
[2009/04/25 17:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\live-player
[2008/09/11 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\ScanSoft
[2009/07/29 06:25:21 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\setup_1096_MTE3MHwzNXww_[1]
[2008/07/22 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\Template
[2010/02/28 22:42:15 | 000,000,244 | ---- | M] () -- C:\Windows\Tasks\PersSecurity.job
[2010/02/28 22:42:19 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

part 228th February 2010, 11:11 pm

I hope this is correct, as my head is totally done in today.......

OTL logfile created on: 28/02/2010 23:09:05 - Run 2
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 211.01 Gb Free Space | 73.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.43% Space Free | Partition Type: NTFS
Drive E: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMONA-PC
Current User Name: Ramona
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/24 18:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe
PRC - [2006/12/05 11:40:44 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
PRC - [2006/11/10 12:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/13 23:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe

========== Modules (SafeList) ==========

MOD - [2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2006/11/10 11:53:27 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\idleproc.dll
MOD - [2003/08/13 01:17:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 07:12:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 07:12:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/06 00:29:26 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/28 23:22:23 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfeb319e3319) Google Update Service (gupdate1c9dfeb319e3319)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/15 12:38:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/28 04:50:12 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/12/02 17:34:30 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Stopped] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/12/08 06:34:51 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/26 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/18 07:12:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 07:12:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/20 07:21:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/06 17:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/01/15 11:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/07 14:23:30 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/07/30 16:27:28 | 000,024,360 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 04:13:18 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/14 02:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/05/11 12:59:20 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2007/04/29 08:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 10:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/11/01 20:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/11/10 18:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

O1 HOSTS File: ([2010/02/28 20:06:05 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (&Security Update) - {04DFB628-514B-4E68-9076-DC1024F58A96} - C:\Windows\System32\win32extension.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {c4050ae5-e899-357f-e583-3eb0447d2141} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O24 - Desktop BackupWallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/15 20:32:42 | 000,000,111 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- [2007/06/19 22:48:38 | 000,204,680 | R--- | M] ()
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell\AutoRun\command - "" = J:\VFPcAssistant.exe -- File not found
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\AutoRun\command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\explore\Command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\open\Command - "" = e2e2~1\e2e2~1\pal.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 22:47:00 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/02/28 18:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\Malwarebytes
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\PC Tools
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/28 13:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/28 13:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/27 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/27 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\PersSecurity
[2010/02/26 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Local\AOL Broadband Toolbar
[2010/02/25 23:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Broadband Toolbar
[2010/02/25 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Broadband Toolbar
[2010/02/25 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/25 23:32:18 | 000,000,000 | ---D | C] -- C:\Windows\aolshare
[2010/02/25 23:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.1 Beta
[2010/02/25 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Radio_Bar_1
[2010/02/24 09:27:06 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 09:26:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 09:26:45 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 09:26:44 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 09:26:41 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 09:26:41 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 09:26:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 09:26:41 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 09:26:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 09:26:41 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 09:26:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 09:26:38 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/24 09:26:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 09:26:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/18 19:59:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2010/02/13 00:28:03 | 000,606,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\flashax.exe
[2010/02/13 00:28:01 | 000,000,000 | ---D | C] -- C:\Windows\Jungle Gin Screen Saver #1 dir
[2010/02/09 20:56:28 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 20:56:28 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 20:56:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 20:56:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 20:56:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 20:56:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/01 14:22:15 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2009/07/08 13:59:47 | 000,417,887 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/28 23:09:13 | 002,359,296 | -HS- | M] () -- C:\Users\Ramona\ntuser.dat
[2010/02/28 22:56:08 | 000,069,632 | ---- | M] () -- C:\Users\Ramona\Documents\otl log.wps
[2010/02/28 22:56:08 | 000,007,956 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2010/02/28 22:50:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/28 22:50:58 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/28 22:50:58 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/28 22:47:12 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/02/28 22:44:56 | 000,000,252 | ---- | M] () -- C:\Windows\win.ini
[2010/02/28 22:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/28 22:42:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/28 22:42:18 | 000,524,288 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/28 22:42:18 | 000,065,536 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/28 22:42:15 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/28 22:41:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 22:41:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 22:41:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/28 22:40:28 | 002,381,925 | -H-- | M] () -- C:\Users\Ramona\AppData\Local\IconCache.db
[2010/02/28 22:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:06:08 | 000,000,691 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2010/02/28 20:06:08 | 000,000,035 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2010/02/28 20:06:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/28 11:03:04 | 000,066,368 | ---- | M] () -- C:\Users\Ramona\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/27 13:21:33 | 000,000,877 | ---- | M] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
[2010/02/27 13:21:27 | 000,632,320 | ---- | M] () -- C:\Windows\System32\win32extension.dll
[2010/02/27 08:55:32 | 056,305,693 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/27 01:04:10 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences.dat
[2010/02/27 00:57:15 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences2.dat
[2010/02/25 23:34:19 | 000,000,857 | ---- | M] () -- C:\Windows\aolback.exe.lnk
[2010/02/25 23:34:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/25 23:28:58 | 000,054,608 | ---- | M] (AOL LLC) -- C:\Windows\System32\aolparconlink.exe
[2010/02/25 05:19:52 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 22:28:46 | 000,001,436 | ---- | M] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/21 22:27:18 | 000,001,672 | ---- | M] () -- C:\Users\Ramona\Desktop\CCleaner.lnk
[2010/02/17 15:46:02 | 000,011,056 | ---- | M] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[2010/02/13 00:28:03 | 000,606,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\flashax.exe
[2010/02/13 00:28:01 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll
[2010/02/07 03:29:05 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 23:54:14 | 000,009,728 | ---- | M] () -- C:\Users\Ramona\Documents\court letter.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 22:56:08 | 000,069,632 | ---- | C] () -- C:\Users\Ramona\Documents\otl log.wps
[2010/02/27 13:21:34 | 000,000,244 | ---- | C] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/27 13:21:33 | 000,000,877 | ---- | C] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
[2010/02/27 13:21:26 | 000,632,320 | ---- | C] () -- C:\Windows\System32\win32extension.dll
[2010/02/25 23:34:19 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/21 22:28:44 | 000,001,436 | ---- | C] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/17 15:45:57 | 000,011,056 | ---- | C] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[2010/02/13 00:28:01 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010/02/07 03:29:05 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 23:54:14 | 000,009,728 | ---- | C] () -- C:\Users\Ramona\Documents\court letter.wps
[2009/12/06 00:04:42 | 000,320,718 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/09/11 04:57:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 05:01:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/09 09:19:49 | 000,249,872 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vp5zb
[2009/07/09 08:57:57 | 000,393,232 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.3xbocca
[2009/07/09 08:36:07 | 000,258,064 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2g5k2
[2009/07/09 08:14:17 | 000,172,048 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.e7by1
[2009/07/09 07:52:26 | 000,196,624 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gzlqu
[2009/07/09 07:30:36 | 000,090,128 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.18w2zno
[2009/07/09 07:08:45 | 000,032,784 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.pwgg5
[2009/07/09 06:46:55 | 000,180,240 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.rjhd88s
[2009/07/09 06:25:04 | 000,143,376 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.edjyw
[2009/07/09 06:03:14 | 000,155,664 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.1jlyiy
[2009/07/09 05:41:23 | 000,061,456 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.jwoecv
[2009/07/09 05:19:33 | 000,000,016 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.cnus8
[2009/07/09 04:57:43 | 000,315,408 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ciupwdy
[2009/07/09 04:35:52 | 000,028,688 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.4b6994
[2009/07/09 04:14:01 | 000,163,856 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gfk01j4
[2009/07/09 03:51:59 | 000,225,296 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.mgi0ju
[2009/07/09 03:30:03 | 000,397,328 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.llcevk
[2009/07/09 03:08:11 | 000,098,320 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.g386g
[2009/07/09 02:46:21 | 000,270,352 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.qxndr50
[2009/07/09 02:24:30 | 000,114,704 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vx8074k
[2009/07/09 02:02:39 | 000,364,560 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2prga7
[2009/07/09 01:40:49 | 000,311,312 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.t6l5l
[2009/07/09 01:18:56 | 000,073,744 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.h9nsnnz
[2009/07/09 00:57:05 | 000,204,816 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ykhhtj
[2009/07/09 00:35:14 | 000,208,912 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.f49c6r6
[2009/07/03 20:48:05 | 000,102,416 | ---- | C] () -- C:\ProgramData\Mode Pile Beep.0or25d4
[2009/07/03 20:47:43 | 000,053,264 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.s5j5bxq
[2009/07/03 20:47:42 | 000,024,592 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.5ypgb1
[2009/06/01 10:01:17 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\5654D927AE.sys
[2009/06/01 10:01:16 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/06/01 09:41:12 | 001,353,296 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009/04/02 18:27:01 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/11/07 19:56:07 | 000,001,356 | ---- | C] () -- C:\Users\Ramona\AppData\Local\d3d9caps.dat
[2008/10/31 08:55:44 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008/09/20 10:35:58 | 000,000,691 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2008/09/20 10:35:58 | 000,000,035 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2008/09/09 22:03:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/25 22:41:43 | 000,023,040 | ---- | C] () -- C:\Users\Ramona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 21:27:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\GsiDi32.dll
[2008/07/21 21:20:36 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2008/07/21 20:27:25 | 000,007,956 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2008/07/15 21:06:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/15 21:06:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/15 21:06:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/15 21:06:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/15 21:06:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/07/15 12:27:40 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Personal security problem1st March 2010, 12:06 am

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O2 - BHO: (&Security Update) - {04DFB628-514B-4E68-9076-DC1024F58A96} - C:\Windows\System32\win32extension.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {c4050ae5-e899-357f-e583-3eb0447d2141} - No CLSID value found.
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{254173ce-526f-11dd-afc8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- [2007/06/19 22:48:38 | 000,204,680 | R--- | M] ()
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4564cc4a-dbf9-11dd-86eb-00038a000015}\Shell\AutoRun\command - "" = J:\VFPcAssistant.exe -- File not found
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\AutoRun\command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\explore\Command - "" = e2e2~1\e2e2~1\pal.exe
O33 - MountPoints2\{6f4cab2e-7b97-11dd-9166-00038a000015}\Shell\open\Command - "" = e2e2~1\e2e2~1\pal.exe
[2010/02/27 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/27 13:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\PersSecurity
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

I's Finally Gone (Hopes!)1st March 2010, 7:37 am

Thank you so much, for the first time in over 24 hours I'm not faced with that (bleep Bleep) screen. This is the log I printed off after running the fix. Once again thank you so very much.

Best Regards Ramona

OTL logfile created on: 01/03/2010 07:28:37 - Run 4
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 211.00 Gb Free Space | 73.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.43% Space Free | Partition Type: NTFS
Drive E: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMONA-PC
Current User Name: Ramona
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/01 07:25:21 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
PRC - [2010/02/26 05:25:24 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2009/08/18 07:12:54 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/18 07:12:53 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 07:12:50 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/18 07:12:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/18 07:12:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/06 00:29:26 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 10:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/24 18:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe
PRC - [2008/01/21 02:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/09/19 03:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PRC - [2007/03/12 17:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/12/05 11:40:44 | 000,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
PRC - [2006/11/10 12:11:58 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/11/02 12:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/13 23:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe

========== Modules (SafeList) ==========

MOD - [2010/03/01 07:25:21 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
MOD - [2009/08/18 07:12:54 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2006/11/10 11:53:27 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\idleproc.dll
MOD - [2003/08/13 01:17:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 07:12:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/18 07:12:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/06 00:29:26 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/28 23:22:23 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dfeb319e3319) Google Update Service (gupdate1c9dfeb319e3319)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/15 12:38:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/28 04:50:12 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/12/02 17:34:30 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/08/31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/12/08 06:34:51 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/26 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/18 07:12:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/18 07:12:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/20 07:21:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/06 17:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/01/15 11:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/07 14:23:30 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 04:13:18 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/14 02:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/05/11 12:59:20 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2007/04/29 08:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 10:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/11/01 20:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/11/10 18:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

O1 HOSTS File: ([2010/02/28 20:06:05 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files\Radio_Bar_1\tbRadi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1219574371\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 6.0; Trident\4.0; File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O24 - Desktop BackupWallPaper: C:\Users\Ramona\Pictures\Photo Album\Kenya\100_0290.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/15 20:32:42 | 000,000,111 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 07:25:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/01 07:25:11 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/02/28 18:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\Malwarebytes
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\PC Tools
[2010/02/28 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/28 13:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/28 13:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/26 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Local\AOL Broadband Toolbar
[2010/02/25 23:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Broadband Toolbar
[2010/02/25 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Broadband Toolbar
[2010/02/25 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/25 23:32:18 | 000,000,000 | ---D | C] -- C:\Windows\aolshare
[2010/02/25 23:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.1 Beta
[2010/02/25 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Radio_Bar_1
[2010/02/24 09:27:06 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 09:26:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 09:26:45 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 09:26:44 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 09:26:41 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 09:26:41 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 09:26:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 09:26:41 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 09:26:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 09:26:41 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 09:26:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 09:26:38 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/24 09:26:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 09:26:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/18 19:59:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2010/02/13 00:28:03 | 000,606,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\flashax.exe
[2010/02/13 00:28:01 | 000,000,000 | ---D | C] -- C:\Windows\Jungle Gin Screen Saver #1 dir
[2010/02/09 20:56:28 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 20:56:28 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 20:56:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 20:56:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 20:56:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 20:56:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/01 14:22:15 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2009/07/08 13:59:47 | 000,417,887 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 07:33:04 | 002,359,296 | -HS- | M] () -- C:\Users\Ramona\ntuser.dat
[2010/03/01 07:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/01 07:27:47 | 000,000,252 | ---- | M] () -- C:\Windows\win.ini
[2010/03/01 07:26:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 07:26:59 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\PersSecurity.job
[2010/03/01 07:26:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/01 07:26:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/01 07:26:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/01 07:26:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/01 07:25:55 | 000,524,288 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 07:25:55 | 000,065,536 | -HS- | M] () -- C:\Users\Ramona\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/01 07:25:21 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe
[2010/03/01 07:24:22 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 07:24:22 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 07:24:22 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/01 07:01:30 | 000,280,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/28 22:56:08 | 000,069,632 | ---- | M] () -- C:\Users\Ramona\Documents\otl log.wps
[2010/02/28 22:56:08 | 000,007,956 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2010/02/28 20:06:08 | 000,000,691 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2010/02/28 20:06:08 | 000,000,035 | ---- | M] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2010/02/28 20:06:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/28 11:03:04 | 000,066,368 | ---- | M] () -- C:\Users\Ramona\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/27 08:55:32 | 056,305,693 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/27 01:04:10 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences.dat
[2010/02/27 00:57:15 | 000,000,069 | ---- | M] () -- C:\Users\Ramona\jagex_runescape_preferences2.dat
[2010/02/25 23:34:19 | 000,000,857 | ---- | M] () -- C:\Windows\aolback.exe.lnk
[2010/02/25 23:34:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/25 23:28:58 | 000,054,608 | ---- | M] (AOL LLC) -- C:\Windows\System32\aolparconlink.exe
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 22:28:46 | 000,001,436 | ---- | M] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/21 22:27:18 | 000,001,672 | ---- | M] () -- C:\Users\Ramona\Desktop\CCleaner.lnk
[2010/02/17 15:46:02 | 000,011,056 | ---- | M] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[2010/02/13 00:28:03 | 000,606,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\flashax.exe
[2010/02/13 00:28:01 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll
[2010/02/07 03:29:05 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 23:54:14 | 000,009,728 | ---- | M] () -- C:\Users\Ramona\Documents\court letter.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 22:56:08 | 000,069,632 | ---- | C] () -- C:\Users\Ramona\Documents\otl log.wps
[2010/02/27 13:21:34 | 000,000,244 | ---- | C] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/27 13:21:33 | 000,000,877 | ---- | C] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
[2010/02/25 23:34:19 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\AOL 9.1 Beta.lnk
[2010/02/21 22:28:44 | 000,001,436 | ---- | C] () -- C:\Users\Ramona\Documents\cc_20100221_222839.reg
[2010/02/17 15:45:57 | 000,011,056 | ---- | C] () -- C:\Users\Ramona\Documents\100205copypayslip.pdf
[2010/02/13 00:28:01 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010/02/07 03:29:05 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 23:54:14 | 000,009,728 | ---- | C] () -- C:\Users\Ramona\Documents\court letter.wps
[2009/12/06 00:04:42 | 000,320,718 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009/09/11 04:57:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 05:01:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/09 09:19:49 | 000,249,872 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vp5zb
[2009/07/09 08:57:57 | 000,393,232 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.3xbocca
[2009/07/09 08:36:07 | 000,258,064 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2g5k2
[2009/07/09 08:14:17 | 000,172,048 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.e7by1
[2009/07/09 07:52:26 | 000,196,624 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gzlqu
[2009/07/09 07:30:36 | 000,090,128 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.18w2zno
[2009/07/09 07:08:45 | 000,032,784 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.pwgg5
[2009/07/09 06:46:55 | 000,180,240 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.rjhd88s
[2009/07/09 06:25:04 | 000,143,376 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.edjyw
[2009/07/09 06:03:14 | 000,155,664 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.1jlyiy
[2009/07/09 05:41:23 | 000,061,456 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.jwoecv
[2009/07/09 05:19:33 | 000,000,016 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.cnus8
[2009/07/09 04:57:43 | 000,315,408 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ciupwdy
[2009/07/09 04:35:52 | 000,028,688 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.4b6994
[2009/07/09 04:14:01 | 000,163,856 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.gfk01j4
[2009/07/09 03:51:59 | 000,225,296 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.mgi0ju
[2009/07/09 03:30:03 | 000,397,328 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.llcevk
[2009/07/09 03:08:11 | 000,098,320 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.g386g
[2009/07/09 02:46:21 | 000,270,352 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.qxndr50
[2009/07/09 02:24:30 | 000,114,704 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.vx8074k
[2009/07/09 02:02:39 | 000,364,560 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.2prga7
[2009/07/09 01:40:49 | 000,311,312 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.t6l5l
[2009/07/09 01:18:56 | 000,073,744 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.h9nsnnz
[2009/07/09 00:57:05 | 000,204,816 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.ykhhtj
[2009/07/09 00:35:14 | 000,208,912 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.f49c6r6
[2009/07/03 20:48:05 | 000,102,416 | ---- | C] () -- C:\ProgramData\Mode Pile Beep.0or25d4
[2009/07/03 20:47:43 | 000,053,264 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.s5j5bxq
[2009/07/03 20:47:42 | 000,024,592 | ---- | C] () -- C:\ProgramData\Mags Draw Draw.5ypgb1
[2009/06/01 10:01:17 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\5654D927AE.sys
[2009/06/01 10:01:16 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/06/01 09:41:12 | 001,353,296 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009/04/02 18:27:01 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/11/07 19:56:07 | 000,001,356 | ---- | C] () -- C:\Users\Ramona\AppData\Local\d3d9caps.dat
[2008/10/31 08:55:44 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008/09/20 10:35:58 | 000,000,691 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\GetValue.vbs
[2008/09/20 10:35:58 | 000,000,035 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\SetValue.bat
[2008/09/09 22:03:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/07/25 22:41:43 | 000,023,040 | ---- | C] () -- C:\Users\Ramona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 21:27:54 | 000,025,088 | ---- | C] () -- C:\Windows\System32\GsiDi32.dll
[2008/07/21 21:20:36 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2008/07/21 20:27:25 | 000,007,956 | ---- | C] () -- C:\Users\Ramona\AppData\Roaming\wklnhst.dat
[2008/07/15 21:06:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/15 21:06:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/15 21:06:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/15 21:06:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/15 21:06:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/07/15 12:27:40 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Personal security problem1st March 2010, 10:34 pm

Please post Extras.txt too.

Extra's1st March 2010, 11:40 pm

OTL Extras logfile created on: 28/02/2010 22:54:30 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Ramona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 211.02 Gb Free Space | 73.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.43% Space Free | Partition Type: NTFS
Drive E: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMONA-PC
Current User Name: Ramona
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" =
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"FirewallOverride" =
"FirstRunDisabled" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26BA39F7-87A1-4D0D-8595-1D0861DD7BA2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{405BAAA4-067C-49D9-A205-42E8156806C3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{47CA8ADE-8D61-448E-8D67-C3CFC310AA44}" = lport=445 | protocol=6 | dir=in | app=system |
"{4FDD77EF-AD03-4684-B99A-166D2202E848}" = rport=445 | protocol=6 | dir=out | app=system |
"{54B1E96A-D1AC-4DD2-9C96-0E11794BAE47}" = lport=138 | protocol=17 | dir=in | app=system |
"{582D0E07-1ED9-4295-AEEA-7FBA7D553D1C}" = rport=139 | protocol=6 | dir=out | app=system |
"{5882A913-E819-4244-9AC4-FD92E286B2F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{6427DF55-223C-4CC6-8E07-059D1BE9AB07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{774CF0FF-F0F7-4F51-959D-0A8F2FA143B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{78C85C49-1C70-4FA8-A86C-50C936645F8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{817FB88A-AF5E-47C3-B047-F8A930E4AF93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{904350DD-AB74-450C-BB20-C2F88C69826B}" = lport=139 | protocol=6 | dir=in | app=system |
"{9351113F-0EFA-40BE-859D-58DD93126052}" = rport=137 | protocol=17 | dir=out | app=system |
"{943B780C-917F-4D0C-96E0-53D8348E8136}" = lport=2869 | protocol=6 | dir=in | app=system |
"{949ECACC-5E69-4024-BFE5-6681F333491E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95A138BB-6C3A-45FC-80BD-B1249E3BC6D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0D9D25A-059B-4048-A180-A7966D9BF1A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B73A6B1D-A1F9-4B18-A545-AD72ECFF9285}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C3C57540-C448-4CFC-841F-EEB8E1A133F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0479614-6E1D-443A-8E7F-80574F5F8649}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E732B544-300F-4316-9D8C-61471B07A50B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E79A0EDF-095F-4FA6-8A57-9B2E0FC21139}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F795FDEE-872A-4F99-A49D-2E39D5B59B41}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C1CC9F-638B-49DA-AEA5-1A0E04B3E30A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{01E01522-C31D-49CC-9CC7-D33C1BF50F0E}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{09C6D2FD-5886-49F4-AB3A-AE0EEF09F7D8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{0F091760-05A7-4B69-B385-C7399F7F0D5E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{10F546F8-BE8D-4FDC-9DD3-830A9172A2A0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1219574371\ee\aolsoftware.exe |
"{1297F54C-A969-4318-9CD3-056882B77350}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{150D3F5D-7685-45FC-B6F3-4CFAA661A8E3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{17E21096-C934-40E4-A5F2-41F482B89F9D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{1EDA1C99-4780-4CF7-A034-C17991CDF77E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{27B5D024-4642-49D6-A0E3-93A45CA1A66F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{347450A5-9B64-4027-8223-6A4FEAB5012B}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\aol.exe |
"{373DEFBC-30DC-4F03-B230-2049975E7860}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{37B8B0DF-A3DF-4DC9-8F51-CB47B57527D3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1219574371\ee\aoldesktop.exe |
"{4A47DC5F-B7FC-4FC7-B2FA-5796D0001C62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4C8AA39F-369B-439E-B07E-F94A4F5ACCF7}" = protocol=6 | dir=in | app=c:\program files\aol 9.1 beta\waol.exe |
"{65546F0D-405B-4288-94AA-09BE9FC99F7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B10DB5D-D82D-4F6E-962A-E324C75C1C04}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{6D79FEC9-C46F-4BED-A5A4-D2D375D917CD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{713AD3E4-1D56-43BE-9714-A82068CA778A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{72518D1E-7AAC-40AE-8EE0-5D588CE59D2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{784C31A6-A1C8-422E-ADAC-F269F26EF7A0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1219574371\ee\aoldesktop.exe |
"{8CC162CD-2615-46B4-8FBB-5CE9FA9C394E}" = protocol=6 | dir=out | app=system |
"{92B5C0DD-A2F6-4358-B812-9E33172C03B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9592D8DD-00B9-4F3C-8283-7369FE86B950}" = protocol=17 | dir=in | app=c:\program files\aol 9.1 beta\waol.exe |
"{A2E06172-3BC5-4527-9158-6793C6E03FB9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A844A9DF-175A-4A97-AA75-BFB95CF99272}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B50D9CD3-66C4-41D2-B581-36D28AB164F9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BFD9E639-7A6E-41D8-90BB-D674F1FDB329}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{C12A24CD-B13C-407D-A4AD-83611CEA2E31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2328C94-81C7-446C-961C-42D295A714D8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CC0EFFF3-E389-431D-B8A1-C7ACD6CA4C97}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D1791969-9CDB-4894-9F7D-AB256A201ED4}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\aol.exe |
"{F5324F65-6EBD-4915-95B6-E1092D43EC33}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F99EB38D-6CB3-4D0A-A639-06385B6F0D11}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1219574371\ee\aolsoftware.exe |
"{F9BB3A8C-EA5A-4535-A209-D373C99B881E}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FA03D1F6-4D1F-4ED4-B4DF-C784C2C05BAA}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FF7B524D-0351-41AD-9EFE-C996B3FBD346}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"TCP Query User{2A7AF40B-9083-40EE-994A-6E2A76452984}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{97040AB9-C0E5-46F2-955C-046FABF806B1}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{AF4F7EFB-0D93-46F3-9522-8FBBE7D7AC63}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{10EC6E64-BDC1-4BBA-BA72-FEA584913337}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{7F6820E4-F01A-42F5-A57B-2234697E1380}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C3A27E24-03F2-4FD1-AB8D-B4739BA06620}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Broadband Toolbar" = AOL Broadband Toolbar
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG8Uninstall" = AVG Free 8.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PowerDVDPlayer" = Power DVD Player 2.0
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Radio_Bar_1 Toolbar" = Radio_Bar_1 Toolbar
"rdftpgahen" = Browser Extension Tool Mxlivemedia
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Veetle TV" = Veetle TV 0.9.16
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Armada Tanks" = Armada Tanks Full Version
"PersSecurity" = Personal Security

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/09/2009 00:16:08 | Computer Name = Ramona-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/09/2009 02:49:25 | Computer Name = Ramona-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/09/2009 03:52:33 | Computer Name = Ramona-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14b0 Start Time: 01ca31eb8b53e290 Termination Time: 15

Error - 10/09/2009 10:21:39 | Computer Name = Ramona-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/09/2009 10:24:43 | Computer Name = Ramona-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/09/2009 03:53:14 | Computer Name = Ramona-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 464 Start Time: 01ca32b4d8c1b453 Termination Time: 0

Error - 12/09/2009 11:40:53 | Computer Name = Ramona-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/09/2009 07:59:56 | Computer Name = Ramona-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/09/2009 15:59:14 | Computer Name = Ramona-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/09/2009 15:59:20 | Computer Name = Ramona-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 28/02/2010 16:50:48 | Computer Name = Ramona-PC | Source = DCOM | ID = 10010
Description =

Error - 28/02/2010 18:21:13 | Computer Name = Ramona-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/02/2010 18:44:20 | Computer Name = Ramona-PC | Source = DCOM | ID = 10005
Description =

Error - 28/02/2010 18:44:20 | Computer Name = Ramona-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 28/02/2010 18:44:28 | Computer Name = Ramona-PC | Source = DCOM | ID = 10005
Description =

Error - 28/02/2010 18:44:31 | Computer Name = Ramona-PC | Source = DCOM | ID = 10005
Description =

Error - 28/02/2010 18:44:34 | Computer Name = Ramona-PC | Source = DCOM | ID = 10005
Description =

Error - 28/02/2010 18:44:34 | Computer Name = Ramona-PC | Source = DCOM | ID = 10005
Description =

Error - 28/02/2010 18:45:09 | Computer Name = Ramona-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 28/02/2010 18:45:09 | Computer Name = Ramona-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Re: Personal security problem2nd March 2010, 12:00 am

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
[2010/02/27 13:21:34 | 000,000,244 | ---- | C] () -- C:\Windows\tasks\PersSecurity.job
[2010/02/27 13:21:33 | 000,000,877 | ---- | C] () -- C:\Users\Ramona\Desktop\Personal Security.lnk
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Personal security problem

Permissions in this forum:

You cannot reply to topics in this forum

Personal security problem

descriptionPersonal security problem28th February 2010, 5:42 pm

descriptionRe: Personal security problem28th February 2010, 10:31 pm

descriptionOTL Log28th February 2010, 10:57 pm

descriptionpart 228th February 2010, 11:11 pm

descriptionRe: Personal security problem1st March 2010, 12:06 am

descriptionI's Finally Gone (Hopes!)1st March 2010, 7:37 am

descriptionRe: Personal security problem1st March 2010, 10:34 pm

descriptionExtra's1st March 2010, 11:40 pm

descriptionRe: Personal security problem2nd March 2010, 12:00 am

descriptionRe: Personal security problem