Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojans found on the last scan

Started by Brujo , Jul 17 2011 07:41 PM

  • This topic is locked This topic is locked

#1
Brujo
Posted 17 July 2011 - 07:41 PM

Brujo

    Member

  • Member
  • PipPip
  • 34 posts
I have a Dell... Dimension E510. On my last scan i found several trojans. I've been expepiencing a slow start up and loading of IE , it's a little sluggish than normal, considering that it's the family comp and there are 4 users in total. I want to make sure that i don't have any more trojas or viruses. Any and all help is very appreciated. Thanks in advance

Dell Dimension E510
1G Ram
298G HDD


Here is the OTL scan:


OTL logfile created on: 7/17/2011 6:16:56 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\China\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 330.59 Mb Available Physical Memory | 32.34% Memory free
2.40 Gb Paging File | 1.79 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 90.85 Gb Free Space | 30.48% Space Free | Partition Type: NTFS

Computer Name: CAROLINA | User Name: China | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
PRC - [2011/05/25 08:36:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
MOD - [2011/05/25 08:38:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/02 04:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/05/13 14:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 15 16 09 A6 51 CA 01 [binary data]
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:3.2.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/13 09:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 08:38:11 | 000,000,000 | ---D | M]

[2010/06/21 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Extensions
[2011/02/27 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions
[2010/06/26 21:47:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 10:06:12 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/01/21 09:21:07 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/09/11 23:14:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/21 09:21:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/14 10:47:55 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/02/27 08:27:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\[email protected]
[2011/02/06 14:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 18:38:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/01 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 07:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 11:03:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/25 08:38:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/07/13 09:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/07/06 07:14:58 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/04/13 21:51:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/27 08:27:38 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/08/21 16:32:24 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 18:16:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2011/07/06 07:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/28 04:04:15 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/06/28 04:04:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/06/28 04:04:14 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/06/28 04:04:14 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/06/28 04:04:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/06/28 04:04:12 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/06/28 04:04:12 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/06/28 04:04:10 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/06/28 04:04:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/06/28 04:04:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/06/28 04:04:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/06/28 04:04:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/06/28 04:04:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/06/28 04:04:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/06/28 04:04:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/06/28 04:04:04 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/06/28 04:04:03 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/06/28 04:04:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/06/28 04:04:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/06/28 04:04:00 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/06/28 04:04:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/06/28 04:03:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/06/28 04:03:57 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/06/28 04:03:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/06/28 04:03:56 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/06/28 04:03:56 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/06/28 04:03:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/06/28 04:03:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/06/28 04:03:53 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/06/28 04:03:52 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/06/28 04:03:52 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/06/28 04:03:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/06/28 04:03:50 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/06/28 04:03:48 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/06/28 04:03:48 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/06/28 04:03:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/06/28 04:03:46 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/06/28 04:03:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/06/28 04:03:45 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/06/28 04:03:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/06/28 04:03:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/06/28 04:03:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/06/28 04:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/06/28 04:03:40 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/06/28 04:03:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/06/28 04:03:38 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/06/28 04:03:36 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/06/28 04:03:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/06/28 04:03:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/06/28 04:03:32 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/06/28 04:03:32 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/06/28 04:03:30 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/06/28 04:03:28 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/06/28 04:03:26 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/06/28 04:03:26 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/06/28 04:03:24 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/06/28 04:03:22 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/06/28 04:03:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/06/28 04:03:20 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/06/28 04:03:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/06/28 04:03:16 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/06/28 04:03:16 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/06/28 04:03:15 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/06/28 04:03:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/06/28 04:03:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/06/28 04:03:11 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/06/28 04:03:09 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/06/28 04:03:07 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/06/28 04:03:07 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/06/28 04:03:05 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/06/28 04:03:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/06/28 04:03:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/06/28 04:03:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/06/28 04:03:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/06/28 04:03:01 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/06/28 04:02:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/06/28 04:02:58 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/06/28 04:02:56 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/06/28 04:02:56 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/06/28 04:02:55 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/06/28 04:02:49 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/06/28 04:02:47 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/06/28 04:02:47 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/06/28 04:02:46 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/06/28 04:02:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/06/28 04:02:44 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/06/28 04:02:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/06/28 04:02:42 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/06/28 04:02:41 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/06/28 04:02:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/06/28 03:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/06/27 07:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/06/21 18:02:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/21 08:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\China\Local Settings\Application Data\Yahoo
[2011/06/21 08:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\China\Application Data\Yahoo!
[2011/06/21 08:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/06/21 08:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/06/18 06:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/20 14:26:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[1996/11/18 21:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 18:20:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2011/07/17 18:04:15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006UA.job
[2011/07/17 17:57:53 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job
[2011/07/17 17:56:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/17 17:56:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/07/17 17:56:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/07/17 17:55:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/07/17 17:55:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/07/17 17:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 16:00:55 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/07/17 12:39:51 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/07/17 11:28:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/07/17 09:03:31 | 122,570,916 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/16 11:04:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006Core.job
[2011/07/15 04:16:49 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/07/14 19:06:17 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 19:06:16 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Google Chrome.lnk
[2011/07/13 09:01:33 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/13 07:47:25 | 000,180,736 | ---- | M] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/12 22:46:32 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 22:38:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 04:58:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/07/05 11:07:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 05:55:21 | 002,258,891 | ---- | M] () -- C:\Documents and Settings\China\My Documents\ZooskMessenger_3.0.105.2.air
[2011/06/27 23:49:22 | 000,441,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 23:49:22 | 000,071,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 07:17:20 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/18 07:06:41 | 000,059,168 | ---- | M] () -- C:\Documents and Settings\China\My Documents\miseria digna.jpg
[2011/06/18 06:21:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 05:55:14 | 002,258,891 | ---- | C] () -- C:\Documents and Settings\China\My Documents\ZooskMessenger_3.0.105.2.air
[2011/06/27 07:17:20 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/18 07:06:55 | 000,059,168 | ---- | C] () -- C:\Documents and Settings\China\My Documents\miseria digna.jpg
[2011/06/18 06:21:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/18 06:21:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/02 14:08:57 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/20 14:26:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2010/11/20 14:26:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2010/11/20 14:26:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2010/11/19 15:20:56 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/24 17:28:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 17:28:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 17:28:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 17:28:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 17:28:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 18:39:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/21 15:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/19 17:25:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 09:22:41 | 000,180,736 | ---- | C] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:38:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/11 07:37:45 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/03/10 20:06:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 20:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/10 12:00:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/10 11:59:17 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/05/30 23:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 21:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 21:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 21:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 21:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F9DA7C5F9021B76E
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4

< End of report >






Extras scan:


OTL Extras logfile created on: 7/17/2011 6:16:56 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\China\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 330.59 Mb Available Physical Memory | 32.34% Memory free
2.40 Gb Paging File | 1.79 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 90.85 Gb Free Space | 30.48% Space Free | Partition Type: NTFS

Computer Name: CAROLINA | User Name: China | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E17C94B-913A-48A4-B1A8-8CE25157C170}" = Media Player Product Tool 5.36
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Free iPod Video Converter_is1" = Free iPod Video Converter V 2.93
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"ST6UNST #1" = LindseyJones CRT RRT Exam Questions 860 XE
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2011 3:42:07 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.1.609, faulting module
quicktime.qts, version 7.68.75.0, fault address 0x0004baf9.

Error - 5/5/2011 4:32:15 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application recordingmanager.exe, version 12.0.1.609, faulting
module rjm4pln.dll, version 12.0.1.609, fault address 0x00005876.

Error - 5/5/2011 4:32:29 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket -2114341293.

Error - 5/5/2011 2:17:14 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/5/2011 2:17:19 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket -1886626976.

Error - 5/6/2011 10:05:07 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/6/2011 10:05:30 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket 1913181861.

Error - 5/8/2011 5:25:57 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/9/2011 1:15:00 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x07500f70.

Error - 5/9/2011 2:14:52 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

[ Application Events ]
Error - 4/3/2011 3:42:07 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.1.609, faulting module
quicktime.qts, version 7.68.75.0, fault address 0x0004baf9.

Error - 5/5/2011 4:32:15 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application recordingmanager.exe, version 12.0.1.609, faulting
module rjm4pln.dll, version 12.0.1.609, fault address 0x00005876.

Error - 5/5/2011 4:32:29 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket -2114341293.

Error - 5/5/2011 2:17:14 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/5/2011 2:17:19 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket -1886626976.

Error - 5/6/2011 10:05:07 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/6/2011 10:05:30 AM | Computer Name = CAROLINA | Source = Application Error | ID = 1001
Description = Fault bucket 1913181861.

Error - 5/8/2011 5:25:57 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/9/2011 1:15:00 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x07500f70.

Error - 5/9/2011 2:14:52 PM | Computer Name = CAROLINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

[ System Events ]
Error - 7/16/2011 1:01:38 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:01:44 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:01:54 PM | Computer Name = CAROLINA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/16/2011 1:02:06 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:12 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:18 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:24 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:33 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:48 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/16/2011 1:02:54 PM | Computer Name = CAROLINA | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >
  • 0

Advertisements

#2
havredave
Posted 10 August 2011 - 11:05 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

I'm sorry it's taken so long for someone to get to your post.

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix. Also, I'm currently still in training, so there may be a longer than normal pause between my posts as I get expert feedback and permission to post each fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

We'll need to get a fresh scan before we go further.

First:

Please open OTL.exe again, and paste the following into the Custom Scans/Fixes box:

netsvcs
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\..|smtmp;true;true;true /FP
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
volsnap.sys
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Then, press the Quick Scan button.

When OTL is finished with its run, you should have a new OTL.txt file. Please copy/paste its contents into a new reply.

Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it. It may ask you if you'd like to download fresh Avast! definitions to scan with. Please say yes, and let it download.

When the download and update is finished, click the "Scan" button to start the scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image



Reply with a fresh OTL scan and the aswMBR scan results, and I'll get started!
  • 0

#3
Brujo
Posted 11 August 2011 - 08:05 AM

Brujo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks havredave for the help. It's ok , i understand that you take the time to give us a hand and we really appreciate that. Thanks again.

Here is the result of the OTL Scan:


OTL logfile created on: 8/11/2011 6:45:51 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\China\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 305.14 Mb Available Physical Memory | 29.85% Memory free
2.40 Gb Paging File | 1.55 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 85.80 Gb Free Space | 28.78% Space Free | Partition Type: NTFS

Computer Name: CAROLINA | User Name: China | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
PRC - [2011/05/25 08:36:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
MOD - [2011/05/25 08:38:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/02 04:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/05/13 14:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 15 16 09 A6 51 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:3.2.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 08:38:11 | 000,000,000 | ---D | M]

[2010/06/21 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Extensions
[2011/02/27 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions
[2010/06/26 21:47:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 10:06:12 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/01/21 09:21:07 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/09/11 23:14:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/21 09:21:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/14 10:47:55 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/02/27 08:27:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\[email protected]
[2011/02/06 14:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 18:38:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/01 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 07:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 11:03:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/25 08:38:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/08/05 08:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/08/05 08:53:28 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/04/13 21:51:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/27 08:27:38 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/08/21 16:32:24 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 11:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/05 10:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\China\My Documents\PcSetup
[2011/08/05 10:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 8
[2011/08/05 08:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/28 08:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/28 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/28 08:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/07/17 18:16:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2010/11/20 14:26:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[1996/11/18 21:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 06:48:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/11 06:47:43 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job
[2011/08/11 06:47:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/11 06:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006UA.job
[2011/08/11 05:46:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/11 05:46:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/11 05:46:05 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/11 05:46:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/11 05:46:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/11 05:43:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 02:48:18 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/10 21:08:35 | 000,441,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:08:35 | 000,071,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 21:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 20:58:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/10 20:06:17 | 127,587,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/10 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/10 07:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006Core.job
[2011/08/09 18:14:25 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 18:14:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Google Chrome.lnk
[2011/08/09 11:14:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 09:29:31 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/05 10:36:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2011/08/05 10:36:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[2011/08/05 10:36:34 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2011/08/05 10:36:34 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2011/08/05 10:36:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\China\Desktop\DVDFab 8.lnk
[2011/08/05 05:49:43 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 19:14:44 | 000,178,459 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/26 19:33:42 | 000,010,374 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:14 | 000,140,411 | ---- | M] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:23:51 | 000,213,736 | ---- | M] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | M] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:17 | 000,575,183 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:53:16 | 000,008,428 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/22 08:52:59 | 000,386,233 | ---- | M] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/17 18:54:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2011/07/12 22:46:32 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/26 19:33:28 | 000,010,374 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:19 | 000,140,411 | ---- | C] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:24:10 | 000,213,736 | ---- | C] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | C] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:16 | 000,575,183 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:47:21 | 000,386,233 | ---- | C] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/22 08:47:21 | 000,008,428 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/17 21:06:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/06/02 14:08:57 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/20 14:26:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2010/11/20 14:26:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2010/11/20 14:26:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2010/11/19 15:20:56 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/24 17:28:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 17:28:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 17:28:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 17:28:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 17:28:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 18:39:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/21 15:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/19 17:25:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 09:22:41 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:38:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/11 07:37:45 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/03/10 20:06:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 20:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/10 12:00:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/10 11:59:17 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/05/30 23:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 21:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 21:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 21:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 21:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== LOP Check ==========

[2011/08/09 08:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/14 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/21 10:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/10/21 10:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 08:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/03/10 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/05/16 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2011/08/05 08:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/03/26 00:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/29 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/20 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/07 13:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\6500 Series
[2010/11/29 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\aepdvd
[2010/11/29 13:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Any DVD Shrink
[2010/10/21 10:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\AVG10
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Canneverbe Limited
[2011/06/08 06:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.socialbox.socialbox
[2011/05/09 06:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/02/27 08:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\facemoods.com
[2011/04/01 08:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FlashFXP
[2010/11/27 15:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeFLVConverter
[2010/11/27 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeIPODConverter
[2010/11/27 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeVideoConverter
[2010/11/29 11:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\HandBrake
[2011/03/29 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Installer
[2010/05/07 22:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Lexmark Productivity Studio
[2010/11/26 15:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\MoveFab
[2010/07/08 10:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\OpenOffice.org
[2011/08/05 10:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Vso
[2010/08/16 08:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Windows Live Writer
[2011/08/11 06:48:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/11 06:47:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/11 06:47:43 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 01:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 01:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 00:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/09/03 09:45:27 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/09/03 09:45:27 | 000,094,208 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F9DA7C5F9021B76E
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4

< End of report >



I am still doing the other scan that you requested.
  • 0

#4
Brujo
Posted 11 August 2011 - 08:33 AM

Brujo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
And here is the last scan:




aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-11 06:54:42
-----------------------------
06:54:42.984 OS Version: Windows 5.1.2600 Service Pack 3
06:54:42.984 Number of processors: 2 586 0x403
06:54:42.984 ComputerName: CAROLINA UserName: China
06:54:44.671 Initialize success
06:58:10.609 AVAST engine defs: 11081100
06:58:31.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
06:58:31.687 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
06:58:33.703 Disk 0 MBR read successfully
06:58:33.718 Disk 0 MBR scan
06:58:34.093 Disk 0 Windows XP default MBR code
06:58:34.109 Disk 0 scanning sectors +625121280
06:58:34.406 Disk 0 scanning C:\WINDOWS\system32\drivers
06:59:30.781 Service scanning
06:59:32.437 Modules scanning
07:00:02.921 Disk 0 trace - called modules:
07:00:03.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
07:00:03.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7dab8]
07:00:03.109 3 CLASSPNP.SYS[f74d2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d58b00]
07:00:06.218 AVAST engine scan C:\WINDOWS
07:00:26.312 AVAST engine scan C:\WINDOWS\system32
07:04:20.515 AVAST engine scan C:\WINDOWS\system32\drivers
07:04:49.453 AVAST engine scan C:\Documents and Settings\China
07:21:56.546 AVAST engine scan C:\Documents and Settings\All Users
07:29:14.359 Scan finished successfully
07:30:10.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\China\My Documents\MBR.dat"
07:30:11.000 The log file has been saved successfully to "C:\Documents and Settings\China\My Documents\aswMBR.txt"
  • 0

#5
havredave
Posted 11 August 2011 - 10:10 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Great, received and digested. I'll run it past my reviewer and get back with you as soon as possible. :)
  • 0

#6
havredave
Posted 11 August 2011 - 11:15 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
I have a few things to clean up using OTL, and another scan for you to do, to get us going.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F9DA7C5F9021B76E
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:3.2.3
[2010/10/14 10:47:55 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/02/27 08:27:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\[email protected]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

:Files
C:\Documents and Settings\China\Application Data\facemoods.com

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Commands
[emptytemp]
[emptyflash]
[purity]
[createrestorepoint]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and select the "Scan All Users" checkbox, then click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
Brujo
Posted 11 August 2011 - 08:00 PM

Brujo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I did the fix/scan , rebooted and scan with OTL as per your instructions. Here is the results :



OTL logfile created on: 8/11/2011 6:51:10 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\China\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 262.26 Mb Available Physical Memory | 25.66% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 86.89 Gb Free Space | 29.15% Space Free | Partition Type: NTFS

Computer Name: CAROLINA | User Name: China | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
PRC - [2011/05/25 08:36:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
MOD - [2011/05/25 08:38:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/02 04:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/05/13 14:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 15 16 09 A6 51 CA 01 [binary data]
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 08:38:11 | 000,000,000 | ---D | M]

[2010/06/21 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Extensions
[2011/08/11 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions
[2010/06/26 21:47:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 10:06:12 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/01/21 09:21:07 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/09/11 23:14:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/21 09:21:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/06 14:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 18:38:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/01 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 07:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 11:03:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/25 08:38:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHINA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IG0FU6SY.DEFAULT\EXTENSIONS\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/08/05 08:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/08/05 08:53:28 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/04/13 21:51:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/27 08:27:38 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/08/21 16:32:24 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 18:38:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 11:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/05 10:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\China\My Documents\PcSetup
[2011/08/05 10:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 8
[2011/08/05 08:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/28 08:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/28 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/28 08:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/07/17 18:16:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2010/11/20 14:26:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[1996/11/18 21:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/08/11 18:53:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/11 18:52:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/11 18:47:57 | 127,719,422 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/11 18:47:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job
[2011/08/11 18:47:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/11 18:46:59 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/11 18:46:57 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/11 18:46:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/11 18:46:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/11 18:46:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 18:38:02 | 000,179,199 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/11 13:09:15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006UA.job
[2011/08/11 07:30:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\China\My Documents\MBR.dat
[2011/08/11 07:09:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006Core.job
[2011/08/11 02:48:18 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/10 21:08:35 | 000,441,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:08:35 | 000,071,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 21:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 20:58:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/10 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/09 18:14:25 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 18:14:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Google Chrome.lnk
[2011/08/09 11:14:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 09:29:31 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/05 10:36:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2011/08/05 10:36:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[2011/08/05 10:36:34 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2011/08/05 10:36:34 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2011/08/05 10:36:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\China\Desktop\DVDFab 8.lnk
[2011/08/05 05:49:43 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 19:33:42 | 000,010,374 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:14 | 000,140,411 | ---- | M] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:23:51 | 000,213,736 | ---- | M] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | M] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:17 | 000,575,183 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:53:16 | 000,008,428 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/22 08:52:59 | 000,386,233 | ---- | M] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/17 18:54:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2011/07/12 22:46:32 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/08/11 07:30:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\China\My Documents\MBR.dat
[2011/07/26 19:33:28 | 000,010,374 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:19 | 000,140,411 | ---- | C] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:24:10 | 000,213,736 | ---- | C] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | C] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:16 | 000,575,183 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:47:21 | 000,386,233 | ---- | C] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/22 08:47:21 | 000,008,428 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/17 21:06:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/06/02 14:08:57 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/20 14:26:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2010/11/20 14:26:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2010/11/20 14:26:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2010/11/19 15:20:56 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/24 17:28:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 17:28:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 17:28:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 17:28:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 17:28:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 18:39:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/21 15:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/19 17:25:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 09:22:41 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:38:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/11 07:37:45 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/03/10 20:06:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 20:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/10 12:00:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/10 11:59:17 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/05/30 23:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 21:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 21:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 21:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 21:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== LOP Check ==========

[2011/08/09 08:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/14 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/21 10:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/10/21 10:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 08:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/03/10 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/05/16 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2011/08/05 08:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/03/26 00:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/29 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/20 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/01/31 06:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CARO\Application Data\AVG10
[2011/04/20 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CARO\Application Data\PCDr
[2010/05/07 13:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\6500 Series
[2010/11/29 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\aepdvd
[2010/11/29 13:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Any DVD Shrink
[2010/10/21 10:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\AVG10
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Canneverbe Limited
[2011/06/08 06:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.socialbox.socialbox
[2011/05/09 06:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/04/01 08:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FlashFXP
[2010/11/27 15:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeFLVConverter
[2010/11/27 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeIPODConverter
[2010/11/27 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeVideoConverter
[2010/11/29 11:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\HandBrake
[2011/03/29 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Installer
[2010/05/07 22:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Lexmark Productivity Studio
[2010/11/26 15:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\MoveFab
[2010/07/08 10:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\OpenOffice.org
[2011/08/05 10:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Vso
[2010/08/16 08:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Windows Live Writer
[2010/05/08 14:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\6500 Series
[2010/10/23 13:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG10
[2011/02/27 13:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\facemoods.com
[2010/06/14 15:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Lexmark Productivity Studio
[2009/09/15 00:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/05/15 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\6500 Series
[2010/10/22 13:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/04/15 01:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canneverbe Limited
[2011/02/27 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\facemoods.com
[2010/05/07 23:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2010/07/25 11:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble
[2010/06/05 21:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Octoshape
[2011/04/06 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2011/05/13 13:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/05/07 15:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\6500 Series
[2010/10/21 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\AVG10
[2011/02/27 12:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\facemoods.com
[2011/03/11 21:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\FreeIPODConverter
[2010/05/15 12:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\KingsIsle Entertainment
[2010/05/13 18:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\Lexmark Productivity Studio
[2010/05/15 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\Unity
[2011/08/11 18:53:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/11 18:52:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/11 18:47:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job

========== Purity Check ==========



< End of report >
  • 0

#8
havredave
Posted 12 August 2011 - 11:40 AM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
So far so good. Please do the following:

First:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHINA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IG0FU6SY.DEFAULT\EXTENSIONS\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}

:Files
C:\Documents and Settings\Guest\Application Data\facemoods.com
C:\Documents and Settings\Owner\Application Data\facemoods.com
C:\Documents and Settings\Yeya\Application Data\facemoods.com

:Commands
[emptytemp]
[emptyflash]
[purity]
[createrestorepoint]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and select the "Scan All Users" checkbox, then click the Quick Scan button. Post the log it produces in your next reply.


Next:

Please click Start, choose Run, and type the following into the box:

combofix /uninstall

Press OK, and let Combofix uninstall itself.

If you get an error message complaining that the command is not found, follow these instructions, else skip them:
  • Download Combofix from any of the links below but rename it to uninstall.exe before saving it to your desktop.

    Link 1
    Link 2
    Link 3


    ==================================


    Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will have cleaned up the old Combofix installation; we really don't want that hanging around :)


Please post back with the OTL quick scan results, your experience with the Combofix uninstall, and please let me know how the machine is running now.

I'm specifically interested in knowing whether or not we've had any noticeable impact on your surfing experience yet.
  • 0

#9
Brujo
Posted 12 August 2011 - 01:27 PM

Brujo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
It's running better, thanks. All i have to do now it's delete some of my files. I have some big files that i don't want anymore. That also should help , since the HDD is getting full. Any suggestions on a good program to defragment the HDD?

I uninstalled combo fix

this is the OTL scan:




OTL logfile created on: 8/12/2011 12:11:44 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\China\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 302.40 Mb Available Physical Memory | 29.59% Memory free
2.40 Gb Paging File | 1.76 Gb Available in Paging File | 73.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 86.86 Gb Free Space | 29.14% Space Free | Partition Type: NTFS

Computer Name: CAROLINA | User Name: China | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\China\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
PRC - [2011/05/25 08:36:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 14:46:42 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
MOD - [2011/05/25 08:38:08 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/02 04:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/05/13 14:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/05/13 14:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 15 16 09 A6 51 CA 01 [binary data]
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\China\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 09:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 08:38:11 | 000,000,000 | ---D | M]

[2010/06/21 15:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Extensions
[2011/08/11 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions
[2010/06/26 21:47:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 10:06:12 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/01/21 09:21:07 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/09/11 23:14:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/01/21 09:21:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\China\Application Data\Mozilla\Firefox\Profiles\ig0fu6sy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/06 14:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 18:38:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/01 11:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 07:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 11:03:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/25 08:38:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHINA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IG0FU6SY.DEFAULT\EXTENSIONS\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/08/05 08:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/08/05 08:53:28 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/04/13 21:51:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/27 08:27:38 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010/08/21 16:32:24 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-2147065587-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\China\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 18:38:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 11:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/05 10:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\China\My Documents\PcSetup
[2011/08/05 10:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 8
[2011/08/05 08:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/28 08:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/28 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/28 08:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/07/17 18:16:35 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe
[2010/11/20 14:26:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[1996/11/18 21:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/08/12 12:13:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/12 12:12:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/12 12:09:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/12 12:09:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1006.job
[2011/08/12 12:09:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/12 12:09:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/12 12:09:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/12 12:09:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 12:04:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job
[2011/08/12 08:51:27 | 127,805,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/12 08:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006UA.job
[2011/08/12 07:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-2147065587-839522115-1006Core.job
[2011/08/11 21:06:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/08/11 18:38:02 | 000,179,199 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/11 07:30:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\China\My Documents\MBR.dat
[2011/08/11 02:48:18 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1003.job
[2011/08/10 21:08:35 | 000,441,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 21:08:35 | 000,071,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 21:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/10 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-2147065587-839522115-1008.job
[2011/08/09 18:14:25 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\China\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 18:14:23 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Google Chrome.lnk
[2011/08/09 11:14:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 09:29:31 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/05 10:36:34 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2011/08/05 10:36:34 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\China\Application Data\pcouffin.sys
[2011/08/05 10:36:34 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2011/08/05 10:36:34 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2011/08/05 10:36:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\China\Desktop\DVDFab 8.lnk
[2011/08/05 05:49:43 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 19:33:42 | 000,010,374 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:14 | 000,140,411 | ---- | M] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:23:51 | 000,213,736 | ---- | M] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | M] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:17 | 000,575,183 | ---- | M] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:53:16 | 000,008,428 | ---- | M] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/22 08:52:59 | 000,386,233 | ---- | M] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/17 18:54:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 18:16:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\China\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/08/11 07:30:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\China\My Documents\MBR.dat
[2011/07/26 19:33:28 | 000,010,374 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing (2).odg
[2011/07/24 11:24:19 | 000,140,411 | ---- | C] () -- C:\Documents and Settings\China\Desktop\mozart-symphony-no40.pdf
[2011/07/24 11:24:10 | 000,213,736 | ---- | C] () -- C:\Documents and Settings\China\Desktop\para elisa en flauta dulce.pdf
[2011/07/22 08:59:49 | 000,021,009 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids History.odg
[2011/07/22 08:59:11 | 000,020,944 | ---- | C] () -- C:\Documents and Settings\China\My Documents\Status Kids History.odg
[2011/07/22 08:58:16 | 000,575,183 | ---- | C] () -- C:\Documents and Settings\China\Desktop\Status Kids 1.odg
[2011/07/22 08:47:21 | 000,386,233 | ---- | C] () -- C:\Documents and Settings\China\Desktop\status kids.odg
[2011/07/22 08:47:21 | 000,008,428 | ---- | C] () -- C:\Documents and Settings\China\Desktop\New OpenDocument Drawing.odg
[2011/07/17 21:06:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-2147065587-839522115-1005.job
[2011/06/02 14:08:57 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/20 14:26:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\China\Application Data\inst.exe
[2010/11/20 14:26:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.cat
[2010/11/20 14:26:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\China\Application Data\pcouffin.inf
[2010/11/19 15:20:56 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/24 17:28:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 17:28:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 17:28:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 17:28:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 17:28:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/12 18:39:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/21 15:38:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/19 17:25:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/13 09:22:41 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\China\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 07:38:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/11 07:37:45 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/03/10 20:06:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/10 20:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/10 12:00:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/10 11:59:17 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1998/05/30 23:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 21:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 21:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 21:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 21:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== LOP Check ==========

[2011/08/09 08:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/14 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/21 10:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/10/21 10:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 08:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/03/10 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/05/16 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LxThumbs
[2011/08/05 08:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2011/03/26 00:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/03/26 00:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/29 16:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/20 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/01/31 06:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CARO\Application Data\AVG10
[2011/04/20 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CARO\Application Data\PCDr
[2010/05/07 13:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\6500 Series
[2010/11/29 16:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\aepdvd
[2010/11/29 13:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Any DVD Shrink
[2010/10/21 10:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\AVG10
[2010/04/14 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Canneverbe Limited
[2011/06/08 06:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.socialbox.socialbox
[2011/05/09 06:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/04/01 08:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FlashFXP
[2010/11/27 15:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeFLVConverter
[2010/11/27 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeIPODConverter
[2010/11/27 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\FreeVideoConverter
[2010/11/29 11:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\HandBrake
[2011/03/29 10:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Installer
[2010/05/07 22:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Lexmark Productivity Studio
[2010/11/26 15:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\MoveFab
[2010/07/08 10:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\OpenOffice.org
[2011/08/05 10:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Vso
[2010/08/16 08:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\China\Application Data\Windows Live Writer
[2010/05/08 14:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\6500 Series
[2010/10/23 13:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG10
[2010/06/14 15:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Lexmark Productivity Studio
[2009/09/15 00:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/05/15 17:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\6500 Series
[2010/10/22 13:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/04/15 01:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canneverbe Limited
[2010/05/07 23:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2010/07/25 11:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mumble
[2010/06/05 21:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Octoshape
[2011/04/06 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2011/05/13 13:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/05/07 15:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\6500 Series
[2010/10/21 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\AVG10
[2011/03/11 21:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\FreeIPODConverter
[2010/05/15 12:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\KingsIsle Entertainment
[2010/05/13 18:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\Lexmark Productivity Studio
[2010/05/15 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yeya\Application Data\Unity
[2011/08/12 12:13:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{174F1497-6EB0-4077-A740-C258B819FF16}.job
[2011/08/12 12:12:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{30A67687-127D-47F0-9CF2-8A6A6691FE03}.job
[2011/08/12 12:04:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F4BA11AC-C837-4E68-826A-5E07258C1A7B}.job

========== Purity Check ==========



< End of report >

Edited by Brujo, 12 August 2011 - 01:27 PM.

  • 0

#10
havredave
Posted 12 August 2011 - 04:24 PM

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,711 posts
Good to hear things are running better!

I'd also like to point out that Real Player is clogging up the works a bit, and you might experience further improvement if you don't need to have it installed. There is also an alternative to Real Player called Real Alternative that might suit you better. Thanks to Essexboy for pointing it out!

If you would, one last thing:

Run OTL one more time, and click the CleanUp button. It'll remove itself and a few other utilities, then reboot. When it's done, please remove aswMBR.exe as well, along with any log files we created (most of which OTL will have taken care of).

With that clean-up process done, I do have recommendation for defrag, which is listed below in my "closing ceremony" post. Amazingly, it's the built-in Windows defrag program. I find it does an adequate job, though certainly there are better.

If you'd like a different one though, I've had good luck with Defraggler, and I find Puran Defrag to be recommended often on this site as well.



Now that your computer appears to be clean, there are some steps you can take to help keep it clean.

Keep temporary files cleaned out.
  • Why: This can not only help your machine run a bit faster with less clutter, but potentially clean out infected files before you even know they're there.
  • How: The easiest method for just about everyone to use is Windows' Disk Cleanup. This can be found by clicking Start and choosing Run in Windows XP, and entering "cleanmgr" (without the quotes). It really is quite easy to use. The defaults should be fine. You can also find it under Start -> All Programs -> Accessories -> System Tools.

Keep software up to date.
  • Why: Exploitable issues in software are found all the time, especially in network-aware software such as Windows itself, or your web browser and its addons.
  • How: For a normal user, there are a few programs I pay special attention to confirming that they're up to date: Adobe Reader, Adobe Flash, and Java, and of course Windows itself. To this list, add your antivirus and antispyware products, and your firewall product. For your antivirus, antispyware and firewall products, see the manufacturer documentation for the software in question. Typically you'll find an update feature under the help or tools pulldowns, or on a button somewhere on the software's interface. If you just can't figure out how to update one or more products, just ask - I'd be happy to help; let me know specifically what software it is and what version you have, and I'll try to provide clear instructions.
  • Adobe Reader: Start up Adobe Reader, click the Help pull-down, and choose "Check for Updates". Follow on-screen instructions to install any updates if applicable. Repeat this after each update until it tells you there are no updates available.
  • Adobe Flash: Follow the instructions here. Once you are finished, go here to download and install the newest version.
  • Java: Open your control panel (on the start menu) and find the Java icon. Depending on your control panel configuration and Windows version, this might be obvious, or it might be hidden a bit. You can click the "Programs" link on Vista and 7 to find it, or "Switch to Classic View" in the upper left corner in Windows XP (granted you're not already using classic view). If you can't find Java in any of those places, it's entirely possible you don't have it installed. That fine; if it is installed, it needs to be up to date. If it's not installed, ignore this step. There is a caveat here: If you run certain programs that require Java, you might find that they won't work with the newest version. If you do run into this situation, contact the software manufacturer and ask them what the newest version of Java is that their software supports, and where to obtain it.
  • Windows: On your start menu, under All Programs or Programs depending on your version, you'll find either Windows Update or Microsoft Update at the top of the menu. Click here and follow the instructions to install the high priority updates that are available. Optional updates are just that; you can install them, but you don't have to in most situations. Repeat this process until no further high priority updates are available.

Clear possibly infected restore points
  • Why: Having the ability to restore your system is a great thing, as long as you're not restoring an infection!
  • How: The most simple way to do this is to utilize Disk Cleanup, detailed above in the "Keep temporary files cleaned out" step. Simply click on the "More Options" tab, and use the system restore clean up button. This works with all versions of Windows that had system restore; namely, Windows ME and later. This will remove all but the most recent restore point on the system (that we created earlier), which is what we're after.

Defragment
  • Why: Defragmenting your files helps your hard drive access them faster, and in as few sweeps of the read head as possible, reducing drive wear and tear.
  • How: Using the built-in Windows Disk Defragmenter is one safe option, found in Start -> All Programs -> Accessories -> System Tools. I would do this once a month unless the system is heavily used, then perhaps weekly.

There's also a good article here that goes into a few other details.

Happy computing!
  • 0

#11
Essexboy
Posted 23 August 2011 - 01:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP