Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32:Hpigon-AX and Win32:Adware-gen in registry


  • This topic is locked This topic is locked

#1
}:{

}:{

    Member

  • Member
  • PipPip
  • 16 posts
I have run avast boottime scan(paid version) and the following free ones adware, super anti spyware and malewarebytes. I started out with 82 infections now I am down to 13 in my windows xp registry. avast gets error message there is not enough space in virus chest for hupigon, adware-gen appeared to be moved in to the chest but was there on a following scan. Super anti spyware said it successfully quarantined what it found but follow up scan showed nothing had been quarantined. The symptoms are variable in nature: red (sometimes flashing) around the perimeter of dialog box/start box/web pages, disappearing taskbar, blank screen black with the red lined perimeter or all white when on line and off line, things open and close on their own, the computer freezes up or shuts off. Results of SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2011 at 04:08 AM

Application Version : 4.55.1000

Core Rules Database Version : 7391
Trace Rules Database Version: 5202

Scan type : Complete Scan
Total Scan Time : 02:44:13

Memory items scanned : 299
Memory threats detected : 0
Registry items scanned : 7076
Registry threats detected : 13
File items scanned : 36152
File threats detected : 0

System.BrokenFileAssociation
HKCR\.exe

Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib Results of the Avast Boottime scan
Win32:Adware-gen is located here: C:\System Volume Information-restore(875C8FF2-73CD-488E-A339-0BA662B02339)\RP610\A022642.dll Zeros or the letter not sure. The dll was exe on a previous scan I think.
Win32:Hupigon-AX is here: C:\WINDOWS\pchealth\ERROR REP\UserDumps\pctsSvc.exe20100625-115325-00.hdmp
Thanks for your time and help with my problem I really appreciate it.

Catherine



OTL logfile created on: 7/12/2011 4:00:02 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\owner_2\Desktop\Application Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 336.23 Mb Available Physical Memory | 75.32% Memory free
1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 28.64 Gb Free Space | 38.44% Space Free | Partition Type: NTFS

Computer Name: OWNER-DEBBA350B | User Name: owner_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\owner_2\Desktop\Application Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\owner_2\Desktop\Application Programs\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


========== Win32 Services (SafeList) ==========

SRV - (VideoScavenger_1eService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (mr97310c) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (K56) -- C:\WINDOWS\system32\drivers\k56nt.sys (Conexant Systems)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\fallback.sys (Conexant Systems)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\basic2.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\v124nt.sys (Conexant Systems)
DRV - (Cnxtdiag) -- C:\WINDOWS\system32\drivers\cnxtdiag.sys (Conexant Systems)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\fsksnt.sys (Conexant Systems)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\faxnt.sys (Conexant Systems)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\tonesnt.sys (Conexant Systems)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\rksample.sys (Conexant Systems)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hccfl.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 53 51 85 B3 D1 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-77-0-IR6h
IE - HKCU\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/03/12 03:42:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\owner_2\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/04/26 06:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/06/23 14:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 03:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/12 12:07:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files\VideoScavenger_1e\bar\1.bin [2010/12/24 23:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/27 17:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 14:29:33 | 000,000,000 | ---D | M]

[2009/09/27 01:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Extensions
[2009/03/15 23:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 01:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Extensions\[email protected]
[2011/07/07 10:30:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions
[2010/12/02 06:39:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 19:21:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/01 01:17:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2011/01/15 13:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/07/01 15:40:41 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/06/05 03:33:35 | 000,000,000 | ---D | M] (eGames Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
[2011/07/07 10:30:05 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/15 04:24:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/01 15:40:49 | 000,000,000 | ---D | M] (Couponbar Community Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{f849b368-94ea-4bec-a4aa-2c3ee4560b2f}
[2011/05/13 20:06:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\[email protected]
[2010/03/08 18:22:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\[email protected](2).jung
[2011/03/27 00:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/01 15:04:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/22 17:19:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/21 19:08:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/01/05 03:46:03 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/01/05 03:46:04 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/01/05 03:46:04 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/07/01 15:04:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/02 09:55:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/02 09:55:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/03/27 17:01:05 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/06/23 14:29:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/27 17:07:21 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2011/03/27 16:58:57 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/03/29 08:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - Reg Error: Value error. File not found
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - Reg Error: Value error. File not found
O2 - BHO: (Shop to Win 14) - {80092EBB-DC79-4C8A-B646-9DC1F7441300} - C:\Program Files\Shop to Win 14\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - Reg Error: Value error. File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [rfagent] C:\Program Files\RFA\rfagent32.exe (KsL Software)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\owner_2\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\owner_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 16:44:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 09:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2011/07/08 01:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\QuickScan
[2011/07/07 03:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/06 21:37:40 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2011/07/06 09:58:46 | 000,000,000 | ---D | C] -- C:\Netgear
[2011/07/03 19:17:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2011/07/03 13:14:47 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/03 11:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/03 11:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/07/02 03:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\SUPERAntiSpyware.com
[2011/07/02 03:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/02 03:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/02 03:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/01 09:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 14:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/13 17:05:12 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\owner_2\My Documents\*.tmp files -> C:\Documents and Settings\owner_2\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 00:25:30 | 000,007,376 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\PrintAllCheck.aspx.htm
[2011/07/12 00:08:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 21:24:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 21:23:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD9F360C-8A80-4111-BF11-DB110567AC18}.job
[2011/07/11 21:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA1F62DC-C120-42EF-A246-76C317A36B64}.job
[2011/07/11 21:16:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/11 21:16:16 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/11 21:15:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 21:15:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
[2011/07/11 21:15:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
[2011/07/11 21:08:24 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 21:08:24 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\PTSchedule.job
[2011/07/11 21:05:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/11 10:07:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3565DA84-2D7C-4A11-897D-CF67E5DC1484}.job
[2011/07/11 07:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/10 08:03:48 | 000,002,549 | ---- | M] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
[2011/07/09 18:20:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 03:00:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/07 16:36:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
[2011/07/07 07:13:02 | 000,806,057 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\bookmarks.html
[2011/07/07 04:11:29 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config
[2011/07/06 22:24:03 | 000,005,903 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Router_Setup.html
[2011/07/06 09:32:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/07/05 12:02:21 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
[2011/07/03 13:14:38 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/03 08:00:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/02 03:08:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/29 07:56:22 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 00:40:49 | 000,419,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 00:40:49 | 000,069,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/23 13:55:19 | 001,047,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/23 12:17:44 | 000,174,042 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Part 2.jpg
[2011/06/23 12:16:54 | 000,160,576 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\part 3.jpg
[2011/06/23 12:16:15 | 000,189,675 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Part 1.jpg
[2011/06/23 12:15:32 | 000,285,177 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\part 5.jpg
[2011/06/23 12:14:23 | 000,175,692 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\part 4.jpg
[2011/06/19 15:22:53 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\fusioncache.dat
[2011/06/19 14:45:18 | 000,332,898 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\mikescomputerinfo.com 2011-6-19 14-44-41.png
[2011/06/19 08:46:30 | 000,027,028 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\514YD3AQG7L._SL500_AA300_.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\Documents and Settings\owner_2\My Documents\*.tmp files -> C:\Documents and Settings\owner_2\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 00:25:29 | 000,007,376 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\PrintAllCheck.aspx.htm
[2011/07/10 08:03:48 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
[2011/07/09 14:20:17 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/07 07:12:59 | 000,806,057 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\bookmarks.html
[2011/07/07 04:11:29 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2011/07/06 22:24:03 | 000,005,903 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Router_Setup.html
[2011/07/06 22:24:03 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\owner_2\Desktop\Router Login.url
[2011/07/03 13:16:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/02 12:55:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/02 03:08:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/23 12:17:28 | 000,174,042 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Part 2.jpg
[2011/06/23 12:16:37 | 000,160,576 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\part 3.jpg
[2011/06/23 12:16:00 | 000,189,675 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Part 1.jpg
[2011/06/23 12:15:20 | 000,285,177 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\part 5.jpg
[2011/06/23 12:14:11 | 000,175,692 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\part 4.jpg
[2011/06/19 20:37:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/19 15:22:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\fusioncache.dat
[2011/06/19 14:45:04 | 000,332,898 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\mikescomputerinfo.com 2011-6-19 14-44-41.png
[2011/06/19 08:46:08 | 000,027,028 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\514YD3AQG7L._SL500_AA300_.jpg
[2010/11/06 12:45:11 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2010LE.ini
[2010/06/22 17:29:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/28 04:09:39 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/16 21:35:16 | 000,372,384 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe
[2010/04/16 21:35:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2010/04/16 21:35:11 | 001,969,824 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe
[2010/04/16 21:35:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2010/04/16 21:35:05 | 000,102,048 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2010/04/16 21:35:04 | 000,010,251 | R--- | C] () -- C:\WINDOWS\System32\Vista.ini
[2010/04/16 21:35:04 | 000,009,868 | R--- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2010/04/16 21:35:04 | 000,000,593 | R--- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2010/04/16 21:35:01 | 000,007,261 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2010/03/23 23:16:49 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2010/03/21 00:04:57 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2010/03/01 21:23:37 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/12/05 11:19:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/27 19:14:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/09/12 00:54:11 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 22:14:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/20 19:57:17 | 000,000,872 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/20 19:57:17 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/20 19:57:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2009/03/20 19:55:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/03/20 19:47:30 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/15 23:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/15 01:52:47 | 000,017,064 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/15 01:42:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/15 01:42:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/11 17:14:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/11 16:48:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 16:41:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/11 11:00:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 10:59:13 | 001,047,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,419,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,069,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2011/07/11 21:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/03 06:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/02/24 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/06/03 06:19:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/03/31 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/07/03 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/16 00:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/08/08 09:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/02/12 08:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry First Aid
[2011/07/09 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2010/02/24 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/03/20 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/07 16:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2011/07/10 10:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/16 21:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/05/08 09:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/05 09:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/04 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/04/24 21:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/26 06:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/12 11:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/01 19:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 06:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 11:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/03 19:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2011/05/08 13:01:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
[2010/06/17 03:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Amazon
[2011/04/02 09:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Catalina Marketing Corp
[2009/03/17 03:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/24 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\EGAMESTOOLBAR
[2009/03/14 20:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\eMusic
[2010/04/27 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Facebook
[2011/06/03 08:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\FCSB000000001
[2011/03/28 02:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\FrostWire
[2009/03/19 03:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\GameHouse
[2010/02/12 05:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\MSNInstaller
[2011/03/27 16:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\OpenCandy
[2009/03/23 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\OverDrive
[2009/10/22 22:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\PC-FAX TX
[2009/03/29 00:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\PDM
[2011/07/08 01:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\QuickScan
[2011/04/28 04:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Registry Mechanic
[2009/12/04 23:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\ScanSoft
[2010/07/08 01:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Singlesnet
[2010/04/25 20:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Stykz
[2011/02/05 16:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Uniblue
[2010/07/12 23:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Windows Search
[2010/10/23 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\ZumoDrive
[2011/07/11 07:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/06 09:32:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2010/04/22 04:33:34 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task 2.job
[2010/03/20 03:18:31 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task.job
[2011/07/11 21:08:24 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\PTSchedule.job
[2011/03/16 12:44:23 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/07/11 10:07:35 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3565DA84-2D7C-4A11-897D-CF67E5DC1484}.job
[2011/07/11 21:23:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CD9F360C-8A80-4111-BF11-DB110567AC18}.job
[2011/07/11 21:23:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA1F62DC-C120-42EF-A246-76C317A36B64}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3

< End of report >

OTL Extras logfile created on: 7/12/2011 4:00:03 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\owner_2\Desktop\Application Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 336.23 Mb Available Physical Memory | 75.32% Memory free
1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 28.64 Gb Free Space | 38.44% Space Free | Partition Type: NTFS

Computer Name: OWNER-DEBBA350B | User Name: owner_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Documents and Settings\owner_2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Documents and Settings\owner_2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\bin\TW2006.exe" = C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\bin\TW2006.exe:*:Disabled:Tiger Woods PGA TOUR® 06
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Disabled:The Battle for Middle-earth ™
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Disabled:The Battle for Middle-earth™ II
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Zecter\ZumoDrive\zumodrive.exe" = C:\Program Files\Zecter\ZumoDrive\zumodrive.exe:*:Disabled:ZumoDrive
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1B06427F-1845-44E2-9022-AA630EBFF817}" = The Print Shop 21
"{1BA0D65E-9970-4BE6-80D9-63039E860433}" = Print Workshop 2010 LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{32BE21EE-C1E4-42B7-A2E5-917F7C5F9642}" = DropBook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}" = In-Fisherman Freshwater Trophies
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz 1.0 for Windows (RC 4)
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D1F09697-5F94-4528-BBF7-6AE58A0D74E5}" = Landscape Vision
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB8DC554-959C-49E9-B816-E488103B1033}" = Nero 7 Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"amg-texttwist2" = TextTwist 2
"amg-wordslinger" = Word Slinger
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"Combat Arms" = Combat Arms
"coralreef_3133975" = coralreef_3133975 Screen Saver
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital DJ Pro" = Digital DJ Pro 1.7.0
"egamestoolbar" = eGames Toolbar
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"exoticwaterfalls_3133976" = exoticwaterfalls_3133976 Screen Saver
"forestfairy_3136689" = forestfairy_3136689 Screen Saver
"fullmoonoverwater_3142291" = fullmoonoverwater_3142291 Screen Saver
"guardianangels_3056760" = guardianangels_3056760 Screen Saver
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"inspirationaladvice_3130188" = inspirationaladvice_3130188 Screen Saver
"InstallShield_{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}" = In-Fisherman Freshwater Trophies
"kittyinthewindow_3102795" = kittyinthewindow_3102795 Screen Saver
"lightningstrikes_3123875" = lightningstrikes_3123875 Screen Saver
"lilcritter_3143409" = lilcritter_3143409 Screen Saver
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"monitorwasher_3056808" = monitorwasher_3056808 Screen Saver
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nano" = Nano 1.1.1
"nature_3120380" = nature_3120380 Screen Saver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"playfuldolphin_3122094" = playfuldolphin_3122094 Screen Saver
"pughappy_3129550" = pughappy_3129550 Screen Saver
"RealPlayer 12.0" = RealPlayer
"Registry First Aid_is1" = Registry First Aid
"scaryblackcat_3102800" = scaryblackcat_3102800 Screen Saver
"Shop to Win 14" = Shop to Win 14
"tranquildays_3101135" = tranquildays_3101135 Screen Saver
"tropicalwaterfalls_3123868" = tropicalwaterfalls_3123868 Screen Saver
"turkeyprotest_3113667" = turkeyprotest_3113667 Screen Saver
"VideoScavenger_1ebar Uninstall" = VideoScavenger
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wordsofwisdom_3130652" = wordsofwisdom_3130652 Screen Saver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aqua Bubble 2" = Aqua Bubble 2
"Aqua Pearls" = Aqua Pearls
"Aqua Words" = Aqua Words
"Aquatic of Sherwood" = Aquatic of Sherwood
"Bubble Ice Age" = Bubble Ice Age
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2011 10:43:46 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:48 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:50 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:51 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:53 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:54 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:56 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:58 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:43:59 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

Error - 7/11/2011 10:44:01 AM | Computer Name = OWNER-DEBBA350B | Source = ESENT | ID = 467
Description = SearchIndexer (3148) Index SystemIndex_Gthr of table indexRecovery
is corrupted (0).

[ OSession Events ]
Error - 5/10/2010 9:37:02 AM | Computer Name = OWNER-DEBBA350B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10478 seconds with 7020 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 7/11/2011 7:26:08 AM | Computer Name = OWNER-DEBBA350B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SABKUTIL

Error - 7/11/2011 9:01:19 PM | Computer Name = OWNER-DEBBA350B | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.0.2 for the Network Card with network
address 00E04D5E88C2 has been denied by the DHCP server 172.16.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/11/2011 9:01:31 PM | Computer Name = OWNER-DEBBA350B | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 7/11/2011 9:02:04 PM | Computer Name = OWNER-DEBBA350B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 9:02:49 PM | Computer Name = OWNER-DEBBA350B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm Lbd SABKUTIL SASDIFSV SASKUTIL

Error - 7/11/2011 9:03:18 PM | Computer Name = OWNER-DEBBA350B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/11/2011 9:07:02 PM | Computer Name = OWNER-DEBBA350B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/11/2011 9:08:30 PM | Computer Name = OWNER-DEBBA350B | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 7/11/2011 9:09:58 PM | Computer Name = OWNER-DEBBA350B | Source = Service Control Manager | ID = 7000
Description = The VideoScavenger Service service failed to start due to the following
error: %%3

Error - 7/11/2011 9:09:58 PM | Computer Name = OWNER-DEBBA350B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SABKUTIL


< End of report >

Edited by }:{, 12 July 2011 - 02:42 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there Catherine sorry for the delay, I will do a quick and dirty fix to start with and then take a better look. What are your current problems ?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - Reg Error: Value error. File not found
    O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - Reg Error: Value error. File not found
    O2 - BHO: (Shop to Win 14) - {80092EBB-DC79-4C8A-B646-9DC1F7441300} - C:\Program Files\Shop to Win 14\ShoppingBHO.dll (Freecause Inc.)
    O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - Reg Error: Value error. File not found
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - Reg Error: Value error. File not found
    [2011/07/10 08:03:48 | 000,002,549 | ---- | M] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
    [2011/07/06 09:32:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
    [2010/04/22 04:33:34 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task 2.job
    [2010/03/20 03:18:31 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for your time and help with my problem I really appreciate it.
KEYSTR0KES-BL0CKED -By-VIRUS -NOW.F8 -W0RKS-TillSystemREBootS.Files-NOW -UNREADABLE AhnLab\V3IS80-installED-NOW . ONly -WIN-ADWARE/MySearch-left-iF-right. . . Catherine
OTL logfile created on: 7/17/2011 4:57:41 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 243.16 Mb Available Physical Memory | 54.47% Memory free
1.03 Gb Paging File | 0.95 Gb Available in Paging File | 92.10% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb otal Space | 30.07 Gb Free Space | 40.36% Space Free | Partition Type: NTFS

Computer Name: OWNER-DEBBA350B | User Name: owner_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (VideoScavenger_1eService) -- File not found
SRV - (NSL) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (V3 Service) -- C:\Program Files\AhnLab\V3IS80\V3Svc.exe (AhnLab, Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)


========== Driver Services (SafeList) ==========

DRV - (v3engine) -- C:\WINDOWS\system32\drivers\v3engine.sys (AhnLab, Inc.)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AhnSZE) -- C:\WINDOWS\system32\drivers\ahnsze.sys (AhnLab, Inc.)
DRV - (MeDCoreD_AhnLab V3 Internet Security 8.0) -- C:\Program Files\AhnLab\V3IS80\MeDCoreD.sys (AhnLab, Inc.)
DRV - (ATamptNt_V3IS80) -- C:\Program Files\AhnLab\V3IS80\ATamptNt.sys (AhnLab, Inc.)
DRV - (AhnRghNt) -- C:\WINDOWS\system32\drivers\AhnRghNt.sys (AhnLab, Inc.)
DRV - (TfFRegNt) -- C:\Program Files\AhnLab\V3IS80\TFFREGNT.SYS (AhnLab, Inc.)
DRV - (V3Flu2k_V3IS80) -- C:\Program Files\AhnLab\V3IS80\V3Flu2k.sys (AhnLab, Inc.)
DRV - (V3IFt2K) -- C:\Program Files\AhnLab\V3IS80\V3Ift2k.sys (AhnLab, Inc.)
DRV - (V3Flt2K) -- C:\Program Files\AhnLab\V3IS80\V3Flt2k.sys (AhnLab, Inc.)
DRV - (ASZFltNt) -- C:\Program Files\AhnLab\V3IS80\ASZFltNt.sys (AhnLab, Inc.)
DRV - (AhnRec2K) -- C:\WINDOWS\system32\drivers\AhnRec2k.sys (AhnLab, Inc.)
DRV - (AhnFlt2K) -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys (AhnLab, Inc.)
DRV - (aswNdis) -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (TfProcNt) -- C:\Program Files\AhnLab\V3IS80\AHAWKENT.SYS (AhnLab, Inc.)
DRV - (ISPrxEnt) -- C:\Program Files\AhnLab\V3IS80\ISPrxENt.sys (AhnLab, Inc.)
DRV - (AMonTDnt) -- C:\WINDOWS\system32\drivers\AMonTDNt.sys (AhnLab, Inc.)
DRV - (ISPIBEnt) -- C:\Program Files\AhnLab\V3IS80\ISPIBENt.sys (AhnLab, Inc.)
DRV - (ISIPSEnt) -- C:\Program Files\AhnLab\V3IS80\ISIPSENt.sys (AhnLab, Inc.)
DRV - (ISFWEnt) -- C:\Program Files\AhnLab\V3IS80\ISFWENt.sys (AhnLab, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AMonHKnt) -- C:\WINDOWS\system32\drivers\AMonHKNT.sys (AhnLab, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AhnActNt) -- C:\Program Files\AhnLab\V3IS80\AhnACtNt.sys (AhnLab, Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (CdmDrvNt) -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys (AhnLab, Inc.)
DRV - (mr97310c) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (K56) -- C:\WINDOWS\system32\drivers\k56nt.sys (Conexant Systems)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\fallback.sys (Conexant Systems)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\basic2.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\system32\drivers\v124nt.sys (Conexant Systems)
DRV - (Cnxtdiag) -- C:\WINDOWS\system32\drivers\cnxtdiag.sys (Conexant Systems)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\fsksnt.sys (Conexant Systems)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\faxnt.sys (Conexant Systems)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\tonesnt.sys (Conexant Systems)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\rksample.sys (Conexant Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 53 51 85 B3 D1 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-77-0-IR6h
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/03/12 03:42:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\owner_2\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/04/26 06:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/07/16 11:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files\VideoScavenger_1e\bar\1.bin [2010/12/24 23:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/27 17:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/16 11:42:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 11:35:37 | 000,000,000 | ---D | M]

[2009/09/27 01:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Extensions
[2009/09/27 01:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Extensions\[email protected]
[2011/07/16 11:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions
[2010/12/02 06:39:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/01 19:21:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/01 01:17:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2011/01/15 13:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2011/07/01 15:40:41 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/06/05 03:33:35 | 000,000,000 | ---D | M] (eGames Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
[2011/07/16 11:35:32 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2010/04/15 04:24:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/01 15:40:49 | 000,000,000 | ---D | M] (Couponbar Community Toolbar) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\{f849b368-94ea-4bec-a4aa-2c3ee4560b2f}
[2011/05/13 20:06:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\[email protected]
[2010/03/08 18:22:06 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\[email protected](2).jung
[2011/07/16 11:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\extensions\staged(2)
[2011/03/27 00:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/22 17:19:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/05 03:46:03 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/01/05 03:46:04 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/01/05 03:46:04 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/07/01 15:04:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/02 09:55:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/02 09:55:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/17 16:45:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [rfagent] C:\Program Files\RFA\rfagent32.exe (KsL Software)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [V3 Session Process] C:\Program Files\AhnLab\V3IS80\V3SP.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\owner_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 16:44:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{a565e230-10ec-11de-a3d2-00e04d5e88c2}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 16:45:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/17 16:22:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/07/17 15:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
[2011/07/17 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/07/17 15:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/07/17 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/07/17 15:07:58 | 002,358,416 | ---- | C] (ParetoLogic Inc.) -- C:\ParetoLogic FileCure.exe
[2011/07/17 13:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/17 09:55:29 | 000,039,512 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\amonlwlh.sys
[2011/07/17 09:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\My Documents\DriverPerformer
[2011/07/17 09:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Performer
[2011/07/17 09:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2011/07/17 07:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\New Folder
[2011/07/17 04:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AhnLab
[2011/07/17 04:17:44 | 000,095,880 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonTDNt.sys
[2011/07/17 04:17:44 | 000,087,648 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonTDLH.sys
[2011/07/17 04:17:44 | 000,056,928 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRghNt.sys
[2011/07/17 04:17:44 | 000,053,224 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonHKNT.sys
[2011/07/17 04:17:44 | 000,053,088 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnFlt2k.sys
[2011/07/17 04:17:44 | 000,020,576 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRec2k.sys
[2011/07/17 04:17:44 | 000,019,608 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\CdmDrvNt.sys
[2011/07/17 04:17:42 | 000,031,424 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\V3w32se2.dll
[2011/07/17 04:17:33 | 001,549,904 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
[2011/07/17 04:16:40 | 002,030,032 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
[2011/07/17 04:16:40 | 001,993,808 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\BTScan.exe
[2011/07/17 04:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AhnLab
[2011/07/17 04:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2011/07/17 04:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2011/07/17 02:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\My Documents\Downloads
[2011/07/17 02:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\My Documents\Animations
[2011/07/17 01:05:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner_2\My Documents\My Documents
[2011/07/16 14:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\My Documents\kailynn`s wolf
[2011/07/16 11:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/07/16 11:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/16 11:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\FCSB000000001
[2011/07/16 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVIConverter
[2011/07/16 11:37:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
[2011/07/16 11:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/07/16 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
[2011/07/16 10:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/07/16 10:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/07/16 10:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/07/16 05:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2011/07/16 05:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
[2011/07/16 05:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\erunt
[2011/07/15 11:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/07/15 04:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\AceBIT
[2011/07/15 03:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Ahead
[2011/07/14 01:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/07/14 01:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Garden Planner
[2011/07/12 20:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/12 20:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/12 20:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\HP
[2011/07/12 06:00:38 | 000,000,000 | ---D | C] -- C:\sfzone_profile
[2011/07/12 05:08:25 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/12 05:08:25 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/12 05:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/07/12 05:08:21 | 000,103,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/07/12 05:07:48 | 000,194,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/07/12 05:07:48 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/12 05:07:47 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/12 05:07:46 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/12 05:07:46 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/12 05:07:46 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/12 05:07:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/12 05:02:32 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/07/12 05:02:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/12 05:02:29 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/10 09:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2011/07/08 01:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\QuickScan
[2011/07/07 03:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/07 01:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malware and Spyware Cleaning Guide - Geeks to Go Forums_files
[2011/07/06 21:37:40 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS
[2011/07/03 19:17:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2011/07/03 13:14:47 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/03 11:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/03 11:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/07/02 03:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner_2\Application Data\SUPERAntiSpyware.com
[2011/07/02 03:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/02 03:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/02 03:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/01 09:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 14:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[4 C:\Documents and Settings\owner_2\My Documents\*.tmp files -> C:\Documents and Settings\owner_2\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 16:55:24 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Shortcut to OTL.exe.lnk
[2011/07/17 16:48:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 16:45:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/17 16:22:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/07/17 15:11:57 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/17 15:11:46 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/07/17 15:11:46 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/17 15:11:42 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic FileCure.lnk
[2011/07/17 15:11:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/07/17 15:07:59 | 002,358,416 | ---- | M] (ParetoLogic Inc.) -- C:\ParetoLogic FileCure.exe
[2011/07/17 13:50:20 | 001,047,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/17 13:38:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CD9F360C-8A80-4111-BF11-DB110567AC18}.job
[2011/07/17 13:38:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA1F62DC-C120-42EF-A246-76C317A36B64}.job
[2011/07/17 13:16:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/17 12:42:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 12:32:21 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/17 12:32:07 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/17 12:27:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 12:27:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
[2011/07/17 12:27:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
[2011/07/17 09:39:19 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Driver Performer.lnk
[2011/07/17 09:35:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3565DA84-2D7C-4A11-897D-CF67E5DC1484}.job
[2011/07/17 09:14:08 | 000,244,832 | ---- | M] () -- C:\DriverPerformer_16i.exe
[2011/07/17 07:40:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\PTSchedule.job
[2011/07/17 04:17:50 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AhnLab V3 Internet Security 8.0.lnk
[2011/07/17 03:48:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/16 17:22:47 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\Shortcut to Cathy's Documents.lnk
[2011/07/16 17:22:47 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\Shortcut to Shared Documents.lnk
[2011/07/16 16:36:52 | 000,000,394 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Shortcut to Shared Documents.lnk
[2011/07/16 14:21:08 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/16 11:47:43 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/07/16 11:47:40 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/16 11:45:53 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2011/07/16 11:45:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/15 10:55:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/15 03:36:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/14 16:36:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
[2011/07/13 10:13:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/07/12 22:19:38 | 000,078,152 | ---- | M] () -- C:\WINDOWS\hpfins05.dat
[2011/07/12 20:32:47 | 000,078,999 | ---- | M] () -- C:\WINDOWS\hpfins05.dat.temp
[2011/07/12 20:01:48 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
[2011/07/10 08:03:48 | 000,002,549 | ---- | M] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
[2011/07/08 05:46:00 | 002,030,032 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
[2011/07/08 05:46:00 | 001,993,808 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\BTScan.exe
[2011/07/07 04:11:29 | 000,000,126 | ---- | M] () -- C:\WINDOWS\System32\mmc.exe.config
[2011/07/06 22:24:03 | 000,005,903 | ---- | M] () -- C:\Documents and Settings\owner_2\Desktop\Router_Setup.html
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:37:33 | 000,103,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:36:18 | 000,194,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 13:14:38 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/02 03:08:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/28 00:32:00 | 001,549,904 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
[2011/06/27 00:40:49 | 000,419,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 00:40:49 | 000,069,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 15:22:53 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\fusioncache.dat
[2011/06/19 14:45:18 | 000,332,898 | ---- | M] () -- C:\Documents and Settings\owner_2\My Documents\mikescomputerinfo.com 2011-6-19 14-44-41.png
[4 C:\Documents and Settings\owner_2\My Documents\*.tmp files -> C:\Documents and Settings\owner_2\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 16:55:24 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Shortcut to OTL.exe.lnk
[2011/07/17 15:11:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/07/17 15:11:46 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/07/17 15:11:46 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\FileCure Default.job
[2011/07/17 15:11:42 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic FileCure.lnk
[2011/07/17 15:11:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/07/17 09:39:19 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Driver Performer.lnk
[2011/07/17 09:14:08 | 000,244,832 | ---- | C] () -- C:\DriverPerformer_16i.exe
[2011/07/17 07:31:55 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AhnLab V3 Internet Security 8.0.lnk
[2011/07/17 04:17:50 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AhnLab V3 Internet Security 8.0.lnk
[2011/07/16 17:43:03 | 000,092,821 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\meeeeeeeeeeee and kay kay.jpg
[2011/07/16 16:36:52 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Shortcut to Shared Documents.lnk
[2011/07/16 16:17:16 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\Shortcut to Cathy's Documents.lnk
[2011/07/16 15:58:26 | 000,000,394 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\Shortcut to Shared Documents.lnk
[2011/07/16 14:33:20 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\-PAXP-deijE.gif
[2011/07/16 14:33:14 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\GsNJNwuI-UM.gif
[2011/07/16 14:33:09 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\ai_002.htm
[2011/07/16 14:32:59 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\ai.htm
[2011/07/16 14:16:18 | 000,278,297 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\Picture 128.jpg
[2011/07/16 05:20:16 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Regwork.job
[2011/07/14 02:32:10 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
[2011/07/14 01:14:15 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\owner_2\Application Data\ini.xml
[2011/07/12 22:17:26 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2011/07/12 22:17:26 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2011/07/12 20:09:26 | 000,078,152 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2011/07/12 20:09:25 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2011/07/12 05:08:26 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/07/10 08:03:48 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
[2011/07/07 04:11:29 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2011/07/06 22:24:03 | 000,005,903 | ---- | C] () -- C:\Documents and Settings\owner_2\Desktop\Router_Setup.html
[2011/07/06 22:24:03 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\owner_2\Desktop\Router Login.url
[2011/07/03 13:16:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/02 12:55:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/02 03:08:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/19 20:37:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/19 15:22:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\fusioncache.dat
[2011/06/19 14:45:04 | 000,332,898 | ---- | C] () -- C:\Documents and Settings\owner_2\My Documents\mikescomputerinfo.com 2011-6-19 14-44-41.png
[2010/11/06 12:45:11 | 000,000,065 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2010LE.ini
[2010/06/22 17:29:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/28 04:09:39 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/16 21:35:16 | 000,372,384 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe
[2010/04/16 21:35:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe
[2010/04/16 21:35:11 | 001,969,824 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe
[2010/04/16 21:35:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2010/04/16 21:35:05 | 000,102,048 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2010/04/16 21:35:04 | 000,010,251 | R--- | C] () -- C:\WINDOWS\System32\Vista.ini
[2010/04/16 21:35:04 | 000,009,868 | R--- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2010/04/16 21:35:04 | 000,000,593 | R--- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2010/04/16 21:35:01 | 000,007,261 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2010/03/23 23:16:49 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2010/03/21 00:04:57 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2010/03/01 21:23:37 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009/12/05 11:19:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/27 19:14:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/09/12 00:54:11 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\owner_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 22:14:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/20 19:57:17 | 000,000,872 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/20 19:57:17 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/20 19:57:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2009/03/20 19:55:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/03/20 19:47:30 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/03/15 23:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/15 01:52:47 | 000,017,064 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/15 01:42:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/15 01:42:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/11 17:14:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/11 16:48:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/11 16:41:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/11 11:00:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 10:59:13 | 001,047,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,419,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,069,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2011/07/17 04:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2011/07/12 05:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/03 06:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/02/24 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/06/03 06:19:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/17 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/07/14 01:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garden Planner
[2011/07/03 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/16 00:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/08/08 09:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/17 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/02/12 08:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry First Aid
[2011/07/16 11:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2011/07/09 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2010/02/24 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/03/20 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/07/16 11:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2011/07/10 10:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/16 21:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/07/16 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/12 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/04 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/04/24 21:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/26 06:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/12 11:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/01 19:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 06:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 11:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/03 19:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2011/07/16 11:37:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
[2010/06/17 03:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Amazon
[2011/04/02 09:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Catalina Marketing Corp
[2009/03/17 03:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/24 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\EGAMESTOOLBAR
[2009/03/14 20:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\eMusic
[2010/04/27 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Facebook
[2011/07/16 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\FCSB000000001
[2011/03/28 02:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\FrostWire
[2009/03/19 03:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\GameHouse
[2010/02/12 05:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\MSNInstaller
[2011/03/27 16:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\OpenCandy
[2009/03/23 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\OverDrive
[2009/10/22 22:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\PC-FAX TX
[2009/03/29 00:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\PDM
[2011/07/08 01:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\QuickScan
[2011/04/28 04:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Registry Mechanic
[2009/12/04 23:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\ScanSoft
[2010/07/08 01:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Singlesnet
[2011/07/17 02:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Stykz
[2011/02/05 16:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Uniblue
[2010/07/12 23:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\Windows Search
[2010/10/23 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner_2\Application Data\ZumoDrive
[2011/07/17 13:16:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/13 10:13:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/07/17 15:11:46 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Default.job
[2011/07/17 15:11:46 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job
[2010/04/22 04:33:34 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task 2.job
[2010/03/20 03:18:31 | 000,000,158 | ---- | M] () -- C:\WINDOWS\Tasks\New Task.job
[2011/07/17 15:11:57 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/07/17 15:11:42 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/07/17 07:40:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\PTSchedule.job
[2011/07/16 11:45:53 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\Regwork.job
[2011/03/16 12:44:23 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/07/17 09:35:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3565DA84-2D7C-4A11-897D-CF67E5DC1484}.job
[2011/07/17 13:38:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CD9F360C-8A80-4111-BF11-DB110567AC18}.job
[2011/07/17 13:38:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA1F62DC-C120-42EF-A246-76C317A36B64}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3

< End of report >

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-17 18:50:19
-----------------------------
18:50:19.234 OS Version: Windows 5.1.2600 Service Pack 3
18:50:19.234 Number of processors: 1 586 0x209
18:50:19.234 ComputerName: OWNER-DEBBA350B UserName: owner_2
18:50:21.156 Initialize success
18:50:22.375 AVAST engine defs: 11071200
18:51:54.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
18:51:54.546 Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
18:51:54.578 Disk 0 MBR read successfully
18:51:54.609 Disk 0 MBR scan
18:51:55.156 Disk 0 Windows XP default MBR code
18:51:55.203 Disk 0 scanning sectors +156232125
18:51:55.937 Disk 0 scanning C:\WINDOWS\system32\drivers
18:52:20.609 Service scanning
18:52:26.406 Disk 0 trace - called modules:
18:52:26.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
18:52:26.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853174b0]
18:52:26.515 3 CLASSPNP.SYS[f788ffd7] -> nt!IofCallDriver -> \Device\0000007c[0x853182c0]
18:52:26.531 5 ACPI.sys[f7806620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x85318d98]
18:52:28.015 AVAST engine scan C:\WINDOWS
18:52:41.609 AVAST engine scan C:\WINDOWS\system32
18:55:20.265 AVAST engine scan C:\WINDOWS\system32\drivers
18:55:46.500 AVAST engine scan C:\Documents and Settings\owner_2
19:01:16.000 AVAST engine scan C:\Documents and Settings\All Users
19:04:39.250 Scan finished successfully
19:06:30.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner_2\Desktop\MBR.dat"
19:06:30.031 The log file has been saved successfully to "C:\Documents and Settings\owner_2\Desktop\aswMBR.txt"

Edited by }:{, 17 July 2011 - 05:17 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK methinks we will need a slightly stronger tool now - on completion of these runs can you let me know what problems remain. Do not let Avast sandbox anything whilst these programmes are running

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No CLSID value found.
    [2011/07/10 08:03:48 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\cde2842f963b45efcc651e08c27abff2.szcpf
    [2011/06/03 06:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/07/03 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/03/16 00:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2011/07/16 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Dear Sir, I've discovered the on screen keyboard, so much easier than ransom note style of communication (copy and paste). I hate to tell you this but I filed the first log from OTL, when i tried get it the name of the file was not Log but Moved File (wiseguys!), opened it to find C Documents and Settings, opened to All Users and on it went but I think
i've finally found it, files have developed legs and are playing hide and seek. OTL logfile created on: 7/19/2011 3:24:05 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.42 Mb Total Physical Memory | 96.21 Mb Available Physical Memory | 21.55% Memory free
1.03 Gb Paging File | 0.69 Gb Available in Paging File | 67.33% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 29.99 Gb Free Space | 40.26% Space Free | Partition Type: NTFS

Computer Name: OWNER-DEBBA350B | User Name: owner_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn (AhnLab, Inc.)
PRC - C:\Program Files\AhnLab\V3IS80\V3PScan.exe (AhnLab, Inc.)
PRC - C:\Program Files\AhnLab\V3IS80\V3Svc.exe (AhnLab, Inc.)
PRC - C:\Program Files\AhnLab\V3IS80\V3SP.exe (AhnLab, Inc.)
PRC - C:\Program Files\RFA\rfagent32.exe (KsL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) I had to leave while the scan by Billy III was still running at work now, it installed windows recovery console or updated it, but it didn't reboot. There was a message pev.cfxxehas has encountered an error and needs to close. will post that log this evening. Thanks again cyber warrior for your help! Once again I am unable to produce a log. There was another error message Warning Error Saving File C\WINDOWS\erdnt\subs\Users\00000002\UserClass.dat! Continue wth the next file? ERegCreateKeyExi5-Access is denied, with an OK button. Clicked it, microsoft error box appeared. catchme.cfxxc has encountered a problem and needs to close. Clickd on details. App Ver 0.0.0.0. ModName ntdll.dll Mod Ver 5.1.2600.6055 Offset 000101b3 That box disappeared, Billy's box disappeared. I did save it to the desktop as told to, but my desktop is empty. Did I do something wrong? Are we beyond help, my computer and I?

Edited by }:{, 20 July 2011 - 12:07 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops sorry I did not see that you had edited, I receive no notification for edits

OK lets delve some deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#7
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
7/20/2011 22:35:49 OK Module psapi.dll Object was not changed (iChecker)
I have had to stop Kaspersky scan. Ran 11 hours, said 99% complete. Would say 4, 3, 2, and 1 minute to completion and then say 4 minutes again over and again. Clicked stop saved report, screen froze, when tried to copy report box came saying password protectd. Now screen covered up and frozen.
4 threats detected, one was able to write down before covered up. KVR Tool has detected legal software that can be used by criminals or damaging your computer or personal data. It is multigeneric (not sure spelled it correctly) Object C:\SystemVolumeInformation\_restor_--\A022491.dll Detected not avjrus. AdwareWin32MegaSearch.o The recommendation was deletion, disinfection impossible.
Started a new scan in hopes of getting report to you. The only only thing I know how to zip is clothing but I will endeavor to correct that. In the mean time may I delete C:\SystemVolumeInfo...6491.dll? There is a box offering that opportunity which I'm finding very very hard to resist so I may have already done it by the time you read this but I will try to be good.
Another threat has been found C:\aswSnx private storage\webStora...\pev.cfxxe Recommended quarantine and deletion.
About symptoms...after Billys (cant recall name) the last set of scans, for a brief time there were was no red line out linig web pages, no 'thumb.db' or 'desk.i something' sprinkled about in my folders. Thought malware was was gone. I reinstalled ahn internet security red ljne showed up and he scan scheduling window was black, no words. still not able to use keyboard, which was blocked when I installed a keystroke scrambler. I removed the program in hope of the use of keyboard being restore. Haha! Silly me. No time to proof red, desktop turned purple and flashing
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can now see why combofix was not playing, Avast ran one of its files in the sandbox...

So right click the orange blob that is Avast and select "disable shields"
Select 1 hour and then run combofix again (you may need to download a fresh copy)



The elements in system restore we can safely leave to the end

The AVP file that I require is allready zipped for you here C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
  • 0

#9
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Kind Sir,Thank you for your patience. Hope I ran Combofix correctly this time. Have started KasperVRT will post new reply then.
I tried to run KVRT again after downloading a second time prior to your last reply. It ran as the installation continued to 'install' the whole time. The report was again lost when our electricity went off briefly. My keyboard continues to be blocked.
Indexing is 'Waiting to receive indexing status' and appears willing to wait for eternity. If I need to use search to locate the zip file I won't be able. If I can get to it in my usual way of going down the line folder to folder I will. I've never attached either so let me know if I have attachment issues if it's done so incorrectly in my next post.

omboFix 11-07-23.04 - owner_2 07/23/2011 23:11:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.198 [GMT -4:00]
Running from: c:\documents and settings\owner_2\Desktop\ComboFix.exe
AV: AhnLab V3 Internet Security 8.0 *Disabled/Updated* {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
FW: AhnLab V3 Internet Security 8.0 *Disabled* {6CBF11B7-327F-4AB6-BBD3-AE8650A9D64C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner_2\Recent\Thumbs.db
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 03:58 . 2011-07-23 03:58 -------- d-----w- c:\documents and settings\owner_2\Application Data\Windows Desktop Search
2011-07-20 12:53 . 2011-07-20 12:53 1095592 ----a-w- c:\program files\AhnRpt.exe
2011-07-20 09:59 . 2011-07-20 09:59 -------- d-----w- c:\program files\New Folder
2011-07-20 08:48 . 2009-07-21 19:08 19608 ----a-w- c:\windows\system32\drivers\CdmDrvNt.sys
2011-07-20 08:48 . 2010-06-09 07:43 95880 ----a-w- c:\windows\system32\drivers\AMonTDNt.sys
2011-07-20 08:48 . 2010-06-09 07:43 87648 ----a-w- c:\windows\system32\drivers\AMonTDLH.sys
2011-07-20 08:48 . 2011-05-02 05:38 56928 ----a-w- c:\windows\system32\drivers\AhnRghNt.sys
2011-07-20 08:48 . 2010-03-04 05:01 53224 ----a-w- c:\windows\system32\drivers\AMonHKNT.sys
2011-07-20 08:48 . 2011-03-09 15:36 20576 ----a-w- c:\windows\system32\drivers\AhnRec2k.sys
2011-07-20 08:48 . 2011-03-09 15:35 53088 ----a-w- c:\windows\system32\drivers\AhnFlt2k.sys
2011-07-20 08:47 . 2011-07-18 09:05 1549904 ----a-w- c:\windows\system32\drivers\ahnsze.sys
2011-07-20 08:46 . 2011-07-18 09:05 2030032 ----a-w- c:\windows\system32\drivers\v3engine.sys
2011-07-20 08:46 . 2011-07-18 09:05 1993808 ----a-w- c:\windows\system32\BTScan.exe
2011-07-20 07:21 . 2011-07-20 08:00 134524416 ----a-w- c:\program files\AhnLab V3 Internet Security 8.0.exe
2011-07-19 06:03 . 2011-07-19 06:04 347920 -c--a-w- C:\MicrosoftFixit.WinFileFolder.Run.exe
2011-07-19 05:34 . 2011-07-19 05:34 1146184 -c--a-w- C:\wlsetup-web.exe
2011-07-19 04:18 . 2011-07-19 04:19 21094072 -c--a-w- C:\BOIE8_ENUS_XP.EXE
2011-07-17 20:45 . 2011-07-20 05:51 -------- dc----w- C:\_OTL
2011-07-17 20:22 . 2011-07-17 20:22 579584 ----a-w- c:\program files\OTL.exe
2011-07-17 19:11 . 2011-07-17 19:11 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-07-17 19:11 . 2011-07-17 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-07-17 19:11 . 2011-07-17 19:11 -------- d-----w- c:\program files\ParetoLogic
2011-07-17 19:07 . 2011-07-17 19:07 2358416 ----a-w- C:\ParetoLogic FileCure.exe
2011-07-17 16:46 . 2011-07-17 16:46 14276088 -c--a-w- c:\program files\picasa38-setup.exe
2011-07-17 13:55 . 2010-04-20 08:12 39512 ----a-w- c:\windows\system32\drivers\amonlwlh.sys
2011-07-17 13:38 . 2011-07-17 13:38 -------- d-----w- c:\program files\Driver-Soft
2011-07-17 13:14 . 2011-07-17 13:14 244832 ----a-w- c:\program files\DriverPerformer_16i.exe
2011-07-17 11:33 . 2011-07-17 11:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\New Folder
2011-07-17 08:17 . 2010-11-26 07:08 31424 ----a-w- c:\windows\system32\V3w32se2.dll
2011-07-17 08:16 . 2011-07-17 08:17 -------- d-----w- c:\program files\Common Files\AhnLab
2011-07-17 08:15 . 2011-07-17 12:58 -------- d-----w- c:\program files\AhnLab
2011-07-17 08:15 . 2011-07-17 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AhnLab
2011-07-16 15:39 . 2011-07-16 15:39 -------- d-----w- c:\program files\Yontoo Layers Client
2011-07-16 15:39 . 2011-07-16 15:39 -------- d-----w- c:\documents and settings\owner_2\Application Data\FCSB000000001
2011-07-16 15:38 . 2011-07-16 15:38 -------- d-----w- c:\program files\AVIConverter
2011-07-16 15:37 . 2011-07-16 15:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
2011-07-16 15:00 . 2011-07-16 15:35 -------- d-----w- c:\program files\KeyScrambler
2011-07-16 14:47 . 2011-07-16 15:35 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-07-16 14:47 . 2011-07-16 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-07-16 14:47 . 2011-07-16 14:47 -------- d-----w- c:\program files\NortonInstaller
2011-07-16 09:20 . 2011-07-16 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\RegWork
2011-07-16 09:20 . 2011-07-16 15:35 -------- d-----w- c:\program files\RegWork
2011-07-16 09:05 . 2011-07-16 15:35 -------- d-----w- c:\program files\erunt
2011-07-15 15:06 . 2011-07-16 15:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-07-15 08:24 . 2011-07-17 12:55 -------- d-----w- c:\program files\AceBIT
2011-07-15 07:03 . 2011-07-15 07:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ahead
2011-07-14 05:14 . 2011-07-14 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Garden Planner
2011-07-14 05:14 . 2011-07-16 15:37 -------- d-----w- c:\program files\Garden Planner
2011-07-13 00:28 . 2011-07-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-07-13 00:22 . 2011-07-13 00:32 -------- d-----w- c:\program files\HP
2011-07-13 00:08 . 2011-07-13 00:08 -------- d-----w- c:\documents and settings\owner_2\Application Data\HP
2011-07-12 10:00 . 2011-07-12 10:05 -------- dc----w- C:\sfzone_profile
2011-07-10 13:45 . 2011-07-10 13:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ahead
2011-07-10 01:22 . 2011-07-10 01:22 294912 ----a-w- c:\windows\system32\config\systemprofile\ntuser.tmp
2011-07-10 01:22 . 2011-07-10 01:22 233472 ----a-w- c:\documents and settings\NetworkService\NTUSER.tmp
2011-07-10 01:22 . 2011-07-10 01:22 233472 ----a-w- c:\documents and settings\LocalService\NTUSER.tmp
2011-07-08 05:39 . 2011-07-08 05:39 -------- d-----w- c:\documents and settings\owner_2\Application Data\QuickScan
2011-06-25 18:24 . 2011-07-10 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-25 02:00 . 2011-06-25 02:00 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 12:00 . 2011-06-13 21:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k(2).sys
2011-05-08 13:43 . 2011-05-08 13:43 18944 ----a-r- c:\documents and settings\stepherono\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-05-08 13:43 . 2011-05-08 13:43 11264 ----a-r- c:\documents and settings\stepherono\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2011-05-07 20:12 . 2011-05-07 20:12 520192 ----a-w- c:\windows\system32\guardianangels_3056760.scr
2011-05-07 20:08 . 2011-05-07 20:08 674280 ----a-w- c:\windows\system32\forestfairy_3136689.scr
2011-05-07 20:01 . 2011-05-07 20:01 674280 ----a-w- c:\windows\system32\wordsofwisdom_3130652.scr
2011-05-07 19:57 . 2011-05-07 19:57 674280 ----a-w- c:\windows\system32\inspirationaladvice_3130188.scr
2011-05-07 19:56 . 2011-05-07 19:56 674280 ----a-w- c:\windows\system32\fullmoonoverwater_3142291.scr
2011-05-07 19:50 . 2011-05-07 19:50 674280 ----a-w- c:\windows\system32\tranquildays_3101135.scr
2011-05-02 15:31 . 2009-03-11 20:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv(2).dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-07-01 19:04 . 2011-03-27 04:22 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2011-04-04 14:23 355448 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"SoundMan"="SOUNDMAN.EXE" [2007-04-17 577536]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"rfagent"="c:\program files\RFA\rfagent32.exe" [2011-04-22 2527016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"V3 Session Process"="c:\program files\AhnLab\V3IS80\V3SP.exe" [2011-05-12 367832]
.
c:\documents and settings\owner_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AhnLab\\V3IS80\\V3Proxy.ahn"=
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDNt.sys [7/20/2011 4:48 AM 95880]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\AMonHKNT.sys [7/20/2011 4:48 AM 53224]
R2 V3 Service;V3 Service;c:\program files\AhnLab\V3IS80\V3Svc.exe [7/20/2011 4:48 AM 227032]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2k.sys [7/20/2011 4:48 AM 53088]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2k.sys [7/20/2011 4:48 AM 20576]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [7/20/2011 4:48 AM 19608]
R3 ISPrxEnt;ISPrxEnt;c:\program files\AhnLab\V3IS80\ISPrxENt.sys [7/20/2011 4:48 AM 77352]
R3 TfFRegNt;TfFRegNt;c:\program files\AhnLab\V3IS80\TFFREGNT.SYS [7/20/2011 4:48 AM 55520]
R3 TfProcNt;TfProcNt;c:\program files\AhnLab\V3IS80\AHAWKENT.SYS [7/20/2011 4:48 AM 29280]
R3 V3Flt2K;V3Flt2K;c:\progra~1\AhnLab\V3IS80\V3Flt2K.sys [7/20/2011 4:48 AM 171232]
R3 V3IFt2K;V3IFt2K;c:\progra~1\AhnLab\V3IS80\V3IFt2K.sys [7/20/2011 4:48 AM 77920]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\owner_2\Desktop\Application Programs\SASKUTIL.SYS --> c:\documents and settings\owner_2\Desktop\Application Programs\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 1:24 AM 135664]
S2 NSL;Norton Safe Web Lite;"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll" /prefetch:1 --> c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [?]
S2 VideoScavenger_1eService;VideoScavenger Service; [x]
S3 AhnActNt;AhnActNt;c:\progra~1\AhnLab\V3IS80\AhnActNt.sys [7/20/2011 4:48 AM 88544]
S3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [7/20/2011 4:48 AM 56928]
S3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [7/20/2011 4:47 AM 1549904]
S3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3IS80\ASZFltNt.sys [7/20/2011 4:48 AM 127328]
S3 ATamptNt_V3IS80;ATamptNt_V3IS80;c:\progra~1\AhnLab\V3IS80\ATamptNt.sys [7/20/2011 4:48 AM 186208]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 1:24 AM 135664]
S3 ISFWEnt;ISFWEnt;c:\program files\AhnLab\V3IS80\ISFWENt.sys [7/20/2011 4:48 AM 143968]
S3 ISIPSEnt;ISIPSEnt;c:\program files\AhnLab\V3IS80\ISIPSENt.sys [7/20/2011 4:48 AM 139720]
S3 ISPIBEnt;ISPIBEnt;c:\program files\AhnLab\V3IS80\ISPIBENt.sys [7/20/2011 4:48 AM 128424]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys --> c:\windows\system32\drivers\keyscrambler.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MeDCoreD_AhnLab V3 Internet Security 8.0;MeDCoreD_AhnLab V3 Internet Security 8.0;c:\program files\AhnLab\V3IS80\MeDCoreD.sys [7/20/2011 4:46 AM 239984]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [3/21/2010 12:03 AM 110592]
S3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [7/20/2011 4:46 AM 2030032]
S3 V3Flu2k_V3IS80;V3Flu2k_V3IS80;c:\progra~1\AhnLab\V3IS80\V3Flu2k.sys [7/20/2011 4:48 AM 124000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-07-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 10:42]
.
2011-07-21 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-07-24 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2011-03-01 23:00]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 05:24]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 05:24]
.
2011-07-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2011-07-21 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2011-07-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-07-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-07-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-07-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-07-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1500820517-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 18:25]
.
2011-03-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{3565DA84-2D7C-4A11-897D-CF67E5DC1484}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{CD9F360C-8A80-4111-BF11-DB110567AC18}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{EA1F62DC-C120-42EF-A246-76C317A36B64}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki...
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\documents and settings\owner_2\Application Data\Mozilla\Firefox\Profiles\oy5dna0d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-TaskTray - (no file)
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 23:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1500820517-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@DACL=(02 0000)
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
@DACL=(02 0000)
@="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\AhnLab\V3IS80\V3Proxy.ahn
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-07-23 23:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 03:55
.
Pre-Run: 32,505,004,032 bytes free
Post-Run: 34,813,792,256 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1B220259B433834A652289F118D13684

Edited by }:{, 23 July 2011 - 11:29 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing I can see no sign that AVP tool has run... This leads me to suspect that Avast is running an autosandbox on it

Double click the Orange blob that is Avast
Select Real time shields
Select File shield
Select Expert settings on the right
On the dialogue that pops up select Autosandbox
In the drop down set to ask
Then OK out


Have the red outlines become less frequent (that is an indication of virtualisation)

Could you now re-run the analysis scan of AVP please, you should now be able to find the zip file

To attach :

At the bottom of the posting are is a browse button click that and it will open a dialogue
Navigate to the file to upload
Click the file
Then press the attach button

  • 0

Advertisements


#11
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
<?xml version="1.0" encoding="utf-8" ?>
- <DYNAMIC_MENU>
- <PERMISSIONS>
<EDIT>True</EDIT>
<MOVE>True</MOVE>
<DELETE>True</DELETE>
</PERMISSIONS>
- <USER_ATTRIBUTES>
<PERMISSION>FULL</PERMISSION>
<SHOW_IN_CHEVRON>True</SHOW_IN_CHEVRON>
</USER_ATTRIBUTES>
<UNIQUE_COMP_ID>50000015</UNIQUE_COMP_ID>
<DISPLAY_TEXT />
<DISPLAY_ICON />
<LAST_UPDATE_TIME />
- <BUTTON>
<DEFAULT_BUTTON_TEXT>Default_Button_Text</DEFAULT_BUTTON_TEXT>
<BUTTON_ICON_URL />
<BUTTON_TOOLTIP />
</BUTTON>
- <MENU>
<UNIQUE_COMP_ID>50000016</UNIQUE_COMP_ID>
<CAPTION />
<ICON_URL />
<HINT />
<DELETABLE>True</DELETABLE>
<ORIGIN>PUBLISHER</ORIGIN>
<EDITABLE>True</EDITABLE>
- <MENU_ITEM>
<CAPTION>Apps Gallery</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>Get more apps from lots of publishers</HINT>
<UNIQUE_COMP_ID>50000017</UNIQUE_COMP_ID>
- <DATA>
<TYPE>LINK</TYPE>
- <LINK>
<URL>http://Apps.conduit....Origin=27</URL>
</LINK>
</DATA>
</MENU_ITEM>
- <SEPARATOR>
<UNIQUE_COMP_ID>100000001</UNIQUE_COMP_ID>
</SEPARATOR>
- <MENU_ITEM>
<CAPTION>Refresh Apps</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>Get the latest updates for your apps</HINT>
- <DATA>
<TYPE>COMMAND</TYPE>
- <COMMAND>
<TYPE>CE_REFRESH_COMPONENT</TYPE>
</COMMAND>
</DATA>
<UNIQUE_COMP_ID>50000018</UNIQUE_COMP_ID>
</MENU_ITEM>
- <MENU_ITEM>
<CAPTION>Options</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>Manage your apps and settings</HINT>
- <DATA>
<TYPE>COMMAND</TYPE>
- <COMMAND>
<TYPE>OPTIONS</TYPE>
</COMMAND>
</DATA>
<UNIQUE_COMP_ID>50000019</UNIQUE_COMP_ID>
</MENU_ITEM>
- <MENU>
<CAPTION>More...</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT />
- <MENU_ITEM>
<CAPTION>Update</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>Get the latest Conduit Engine version</HINT>
- <DATA>
<TYPE>COMMAND</TYPE>
- <COMMAND>
<TYPE>DO_UPGRADE</TYPE>
</COMMAND>
</DATA>
<UNIQUE_COMP_ID>50000020</UNIQUE_COMP_ID>
</MENU_ITEM>
- <MENU_ITEM>
<CAPTION>Privacy</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>View our privacy policy</HINT>
- <DATA>
<TYPE>LINK</TYPE>
- <LINK>
<URL>http://Apps.Conduit..../Privacy/</URL>
</LINK>
</DATA>
<UNIQUE_COMP_ID>50000022</UNIQUE_COMP_ID>
</MENU_ITEM>
- <MENU_ITEM>
<CAPTION>About</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>About Conduit Engine</HINT>
- <DATA>
on screen kyboard scrambled willntry o reply fro m ob h 4 a hn n. o call you lol here s o file i could open kvrt run 3 times ut trojan tops sving report <TYPE>COMMAND</TYPE>
- <COMMAND>
<TYPE>ABOUT</TYPE>
</COMMAND>
</DATA>
<UNIQUE_COMP_ID>50000023</UNIQUE_COMP_ID>
</MENU_ITEM>
- <MENU_ITEM>
<CAPTION>Contact</CAPTION>
<ICON_URL>http://Storage.Condu....png</ICON_URL>
<HINT>Contact us</HINT>
- <DATA>
<TYPE>LINK</TYPE>
- <LINK>
<URL>http://Apps.Conduit..../Contact/</URL>
</LINK>
</DATA>
<UNIQUE_COMP_ID>50000024</UNIQUE_COMP_ID>
</MENU_ITEM>
</MENU>
</MENU>
</DYNAMIC_MENU
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm you are having problems there - lets run a deep scan from safe mode

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
  • 0

#13
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
onscreen keybord has been frozen evry tim try to save report cant save w/o a title so replace anothr file and replaced its contents with repot Im getting n errormssage afer click attacb saying no file but i saw the file in box i had zipped the txt file)

Edited by }:{, 25 July 2011 - 11:07 AM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have another keyboard ?
  • 0

#15
}:{

}:{

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hope file made it to you now I'll try again

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP