OTL log, usb device not recognized



#31
tofu5
  • Topic Starter
  • Member
  • 175 posts
I have 2 logs here, not sure which is 1st or 2nd.

1-Results of system analysis
Kaspersky Virus Removal Tool 11.0.0.1245 (database released 18/08/2011; 20:42)

List of processes
File name PID Description Copyright MD5 Information
c:\program files\avg\avg9\avgtray.exe
Script: Quarantine, Delete, BC delete, Terminate 924 AVG Tray Monitor Copyright © 2011 AVG Technologies CZ, s.r.o. ?? 2023.34 kb, rsAh,
created: 16.07.2010 13:32:51,
modified: 15.03.2011 09:13:53
Command line:
"C:\Program Files\AVG\AVG9\avgtray.exe"
Detected:69, recognized as trusted 69
Module name Handle Description Copyright MD5 Used by processes
C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
Script: Quarantine, Delete, BC delete 1888550912 MFCDLL Shared Library - Retail Version © Microsoft Corporation. All rights reserved. -- 924
C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
Script: Quarantine, Delete, BC delete 1899364352 MFC Language Specific Resources © Microsoft Corporation. All rights reserved. -- 924
Modules detected:580, recognized as trusted 578

Kernel Space Modules Viewer
Module Base address Size in memory Description Manufacturer
C:\Windows\System32\Drivers\dump_atapi.sys
Script: Quarantine, Delete, BC delete 86DD4000 008000 (32768)
C:\Windows\System32\Drivers\dump_dumpata.sys
Script: Quarantine, Delete, BC delete 8BBF4000 00B000 (45056)
C:\Users\user\AppData\Local\Temp\kxldapob.sys
Script: Quarantine, Delete, BC delete ADE4C000 019000 (102400)
Modules detected - 156, recognized as trusted - 153

Services
Service Description Status File Group Dependencies
Detected - 134, recognized as trusted - 134

Drivers
Service Description Status File Group Dependencies
blbdrive
Driver: Unload, Delete, Disable, BC delete blbdrive Not started C:\Windows\system32\drivers\blbdrive.sys
Script: Quarantine, Delete, BC delete
catchme
Driver: Unload, Delete, Disable, BC delete catchme Not started C:\Users\user\AppData\Local\Temp\catchme.sys
Script: Quarantine, Delete, BC delete Base
IpInIp
Driver: Unload, Delete, Disable, BC delete IP in IP Tunnel Driver Not started C:\Windows\system32\DRIVERS\ipinip.sys
Script: Quarantine, Delete, BC delete Tcpip
NwlnkFlt
Driver: Unload, Delete, Disable, BC delete IPX Traffic Filter Driver Not started C:\Windows\system32\DRIVERS\nwlnkflt.sys
Script: Quarantine, Delete, BC delete NwlnkFwd
NwlnkFwd
Driver: Unload, Delete, Disable, BC delete IPX Traffic Forwarder Driver Not started C:\Windows\system32\DRIVERS\nwlnkfwd.sys
Script: Quarantine, Delete, BC delete
SABProcEnum
Driver: Unload, Delete, Disable, BC delete SABProcEnum Not started C:\Program Files\Internet Explorer\SABProcEnum.sys
Script: Quarantine, Delete, BC delete
Detected - 237, recognized as trusted - 231

Autoruns
File name Status Startup method Description
C:\Users\user\AppData\Local\Temp\_uninst_46903274.bat
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_46903274.lnk,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Script: Quarantine, Delete, BC delete Active File in Autoruns folder C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\WindowsSystem32\IoLogMsg.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid, EventMessageFile
C:\Windows\System32\appmgmts.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
Delete
C:\Windows\System32\igmpv2.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\Windows\System32\ipbootp.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\Windows\System32\iprip2.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\Windows\System32\ws03res.dll
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP, EventMessageFile
C:\Windows\system32\psxss.exe
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
progman.exe
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell
Delete
rdpclip
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
Delete
vgafix.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon
Delete
vgaoem.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon
Delete
vgasys.fon
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon
Delete
Autoruns items detected - 665, recognized as trusted - 649

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name Type Description Manufacturer CLSID
C:\Program Files\AVG\AVG8\avgssie.dll
Script: Quarantine, Delete, BC delete BHO {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Delete
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
Extension module {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Delete
Elements detected - 14, recognized as trusted - 11

Windows Explorer extension modules
File name Destination Description Manufacturer CLSID
IE User Assist {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}
Delete
lnkfile {00020d75-0000-0000-c000-000000000046}
Delete
Color Control Panel Applet {b2c761c6-29bc-4f19-9251-e6195265baf1}
Delete
Add New Hardware {7A979262-40CE-46ff-AEEE-7884AC3B6136}
Delete
Get Programs Online {3e7efb4c-faf1-453d-89eb-56026875ef90}
Delete
Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Delete
ActiveDirectory Folder {1b24a030-9b20-49bc-97ac-1be4426f9e59}
Delete
ActiveDirectory Folder {34449847-FD14-4fc8-A75A-7432F5181EFB}
Delete
Sam Account Folder {C8494E42-ACDD-4739-B0FB-217361E4894F}
Delete
Sam Account Folder {E29F9716-5C08-4FCD-955A-119FDB5A522D}
Delete
Control Panel command object for Start menu {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
Delete
Default Programs command object for Start menu {E44E5D18-0652-4508-A4E2-8A090067BCB0}
Delete
Folder Options {6dfd7c5c-2451-11d3-a299-00c04f8ef6af}
Delete
Explorer Query Band {2C2577C2-63A7-40e3-9B7F-586602617ECB}
Delete
View Available Networks {38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}
Delete
Contacts folder {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Delete
Windows Firewall {4026492f-2f69-46b8-b9bf-5654fc07e423}
Delete
Problem Reports and Solutions {fcfeecae-ee1b-4849-ae50-685dcf7717ec}
Delete
iSCSI Initiator {a304259d-52b8-4526-8b1a-a1d6cecc8243}
Delete
.cab or .zip files {911051fa-c21c-4246-b470-070cd8df6dc4}
Delete
Windows Search Shell Service {da67b8ad-e81b-4c70-9b91b417b5e33527}
Delete
Microsoft.ScannersAndCameras {00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
Delete
Windows Sidebar Properties {37efd44d-ef8d-41b1-940d-96973a50e9e0}
Delete
Windows Features {67718415-c450-4f3c-bf8a-b487642dc39b}
Delete
Windows Defender {d8559eb9-20c0-410e-beda-7ed416aecc2a}
Delete
Mobility Center Control Panel {5ea4f148-308c-46d7-98a9-49041b1dd468}
Delete
User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}
Delete
AVG Find Extension {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
Delete
Elements detected - 285, recognized as trusted - 257

Printing system extensions (print monitors, providers)
File name Type Name Description Manufacturer
C:\Users\user\AppData\Local\Temp\8D6.tmp
Script: Quarantine, Delete, BC delete Provider
Elements detected - 8, recognized as trusted - 7

Task Scheduler jobs
File name Job name Job status Description Manufacturer
Elements detected - 3, recognized as trusted - 3

SPI/LSP settings
Namespace providers (NSP) Provider Status EXE file Description GUID
Detected - 6, recognized as trusted - 6
Transport protocol providers (TSP, LSP) Provider EXE file Description
Detected - 18, recognized as trusted - 18
Results of automatic SPI settings check LSP settings checked. No errors detected


TCP/UDP ports
Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [940] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
10110 LISTENING 0.0.0.0 0 [3040] c:\program files\avg\avg9\avgemc.exe
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [620] c:\windows\system32\wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [1076] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [1124] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [676] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49156 LISTENING 0.0.0.0 0 [664] c:\windows\system32\services.exe
Script: Quarantine, Delete, BC delete, Terminate
50093 CLOSE_WAIT 91.213.208.37 80 [1656] c:\program files\lavasoft\ad-aware\aawservice.exe
Script: Quarantine, Delete, BC delete, Terminate
50217 CLOSE_WAIT 72.14.204.101 80 [1396] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
123 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1460] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49642 LISTENING -- -- [1124] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54299 LISTENING -- -- [4396] c:\program files\internet explorer\iexplore.exe
Script: Quarantine, Delete, BC delete, Terminate
55223 LISTENING -- -- [4456] c:\program files\internet explorer\iexplore.exe
Script: Quarantine, Delete, BC delete, Terminate
58806 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58807 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
62909 LISTENING -- -- [1336] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 8, recognized as trusted - 8

Control Panel Applets (CPL)
File name Description Manufacturer
Elements detected - 24, recognized as trusted - 24

Active Setup
File name Description Manufacturer CLSID
Elements detected - 10, recognized as trusted - 10

HOSTS file
Hosts file record
127.0.0.1 localhost


Clear Hosts file

Protocols and handlers
File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
C:\Program Files\AVG\AVG8\avgpp.dll
Script: Quarantine, Delete, BC delete Handler (linkscanner: ExPLabs.com Pluggable Protocol) {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
Delete
Elements detected - 17, recognized as trusted - 13

Suspicious objects
File Description Type


--------------------------------------------------------------------------------

Main script of analysis
Windows version: Windows Vista ™ Home Premium, Build=6002, SP="Service Pack 2"
System Restore: enabled
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 01B60010<>77321C28
IAT modification detected: GetModuleFileNameA - 01B60080<>7736B8DD
IAT modification detected: FreeLibrary - 01B600F0<>77363FA4
IAT modification detected: GetModuleFileNameW - 01B60160<>7736B49E
IAT modification detected: CreateProcessW - 01B601D0<>77321BF3
IAT modification detected: LoadLibraryW - 01B602B0<>77349400
IAT modification detected: LoadLibraryA - 01B60320<>7734957C
IAT modification detected: GetProcAddress - 01B60390<>7736925B
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=137B00)
Kernel ntkrnlpa.exe found in memory at address 82007000
SDT = 8213EB00
KiST = 820B386C (391)
Functions checked: 391, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
CmpCallCallBacks = 00000000
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
Driver loaded successfully
Checking - complete
Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress
System Analysis - complete

Script commands
Add commands to script:
  • Blocking hooks using Anti-Rootkit
  • Enable AVZGuard
  • Operations with AVZPM (true=enable,false=disable)
  • BootCleaner - import list of deleted files
  • BootCleaner - import all
  • Registry cleanup after deleting files
  • ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
  • BootCleaner - activate
  • Reboot
  • Insert template for QuarantineFile() - quarantining file
  • Insert template for BC_QrFile() - quarantining file via BootCleaner
  • Insert template for DeleteFile() - deleting file
  • Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
  • Performance tweaking: disable service TermService (Terminal Services)
  • Performance tweaking: disable service SSDPSRV (SSDP Discovery)
  • Performance tweaking: disable service Schedule (Task Scheduler)
  • Security tweaking: disable CD autorun
  • Security tweaking: disable administrative shares
  • Security tweaking: disable anonymous user access
  • Security: disable sending Remote Assistant queries
--------------------------------------------------------------------------------
File list


2-
<?xml version="1.0" encoding="WINDOWS-1251"?>

<!-- AVZ XML Report -->
<AVZ CompHash="9EE30112FDD78C7256F66D165817DC44" MainDBDate="12/30/1899" IsSRDisabled="False" IsAdmin="True" IsWow64="False" Session="" ProfileDir="C:\Users\user" OS_CSDV="Service Pack 2" BootMode="0" OS_Build="6002" OS_MiVer="0" OS_MjVer="6" WinDir="C:\Windows\" LogDate="19.08.2011 11:33:26" Version="4.35">
  <PROCESS>
    <ITEM MD5="035A4DC0EA6506F422EBF388DE9EE720" ChageDate="15.03.2011 09:13:53" CreateDate="16.07.2010 13:32:51" Attr="rsAh" Size="2071904" CmdLine=""C:\Program Files\AVG\AVG9\avgtray.exe" " Hidden="0" LegalCopyright="Copyright © 2011 AVG Technologies CZ, s.r.o." Descr="AVG Tray Monitor" CheckResult="0" File="c:\program files\avg\avg9\avgtray.exe" PID="924"/>
  </PROCESS>
  <DLL>
    <ITEM MD5="E2C48CD0132D4D1DC7D0DF9A6BEF686A" ChageDate="22.06.2011 09:07:08" CreateDate="22.06.2011 09:07:08" Attr="rsAh" Size="1093120" Hidden="0" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="MFCDLL Shared Library - Retail Version" CheckResult="-1" File="C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL" UsedBy="924"/>
    <ITEM MD5="28A09777D2D952122567A8A82F1A2C7B" ChageDate="22.06.2011 09:07:33" CreateDate="22.06.2011 09:07:33" Attr="rsAh" Size="57344" Hidden="0" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="MFC Language Specific Resources" CheckResult="-1" File="C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL" UsedBy="924"/>
  </DLL>
  <KERNELOBJ>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_atapi.sys" MemSize="008000" Base="86DD4000"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Windows\System32\Drivers\dump_dumpata.sys" MemSize="00B000" Base="8BBF4000"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\kxldapob.sys" MemSize="019000" Base="ADE4C000"/>
  </KERNELOBJ>
  <Service> </Service>
  <Drivers>
    <ITEM CheckResult="-1" File="C:\Windows\system32\drivers\blbdrive.sys" State="1" Type="1" Name="blbdrive"/>
    <ITEM CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\catchme.sys" State="1" Type="1" Name="catchme"/>
    <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\ipinip.sys" State="1" Type="1" Name="IpInIp"/>
    <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\nwlnkflt.sys" State="1" Type="1" Name="NwlnkFlt"/>
    <ITEM CheckResult="-1" File="C:\Windows\system32\DRIVERS\nwlnkfwd.sys" State="1" Type="1" Name="NwlnkFwd"/>
    <ITEM CheckResult="-1" File="C:\Program Files\Internet Explorer\SABProcEnum.sys" State="1" Type="1" Name="SABProcEnum"/>
  </Drivers>
  <AUTORUN>
    <ITEM MD5="EF3D52CB72319BCBAEE0DD42DC78102F" ChageDate="19.08.2011 08:44:27" CreateDate="19.08.2011 08:44:27" Attr="rsAh" Size="360" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\_uninst_46903274.bat" Type="LNK" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_46903274.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" Enabled="1"/>
    <ITEM MD5="EE2806115EA2DCF09A999B802BDC7F6C" ChageDate="13.08.2007 09:44:54" CreateDate="13.08.2007 09:44:54" Attr="rsAh" Size="136" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCell.LNK" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/>
    <ITEM MD5="3445F5DC2958D760AF93147BD77E79E0" ChageDate="02.11.2006 08:50:41" CreateDate="03.08.2007 17:38:25" Attr="rsAh" Size="258" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/>
    <ITEM MD5="306651F625C0094DCF5E16EC32358014" ChageDate="02.11.2006 08:50:41" CreateDate="03.08.2007 17:38:25" Attr="rsAh" Size="240" CheckResult="-1" File="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" Type="FILE" X3="" X2="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" X1="C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\" Enabled="1"/>
    <ITEM CheckResult="-1" File="C:\WindowsSystem32\IoLogMsg.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="C:\Windows\System32\appmgmts.dll" Type="REG" X3="ServiceDll" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
    <ITEM CheckResult="-1" File="C:\Windows\System32\igmpv2.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="C:\Windows\System32\ipbootp.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="C:\Windows\System32\iprip2.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="C:\Windows\System32\ws03res.dll" Type="REG" X3="EventMessageFile" X2="SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="C:\Windows\system32\psxss.exe" Type="REG" X3="Posix" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X1="HKEY_LOCAL_MACHINE" Enabled="-1"/>
    <ITEM CheckResult="-1" File="progman.exe" Type="REG" X3="shell" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
    <ITEM CheckResult="-1" File="rdpclip" Type="REG" X3="StartupPrograms" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
    <ITEM CheckResult="-1" File="vgafix.fon" Type="REG" X3="fixedfon.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
    <ITEM CheckResult="-1" File="vgaoem.fon" Type="REG" X3="oemfonts.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
    <ITEM CheckResult="-1" File="vgasys.fon" Type="REG" X3="fonts.fon" X2="Software\Microsoft\Windows NT\CurrentVersion\WOW\boot" X1="HKEY_LOCAL_MACHINE" Enabled="1"/>
  </AUTORUN>
  <BHO>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program Files\AVG\AVG8\avgssie.dll" Enabled="1" CLSID="{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" BHOType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{2670000A-7350-4f3c-8081-5663EE0C6C49}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{92780B25-18CC-41C8-B9BE-3C9C571A8263}" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" BHOType="3"/>
  </BHO>
  <ExplorerExt>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="IE User Assist" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{00020d75-0000-0000-c000-000000000046}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="lnkfile" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{b2c761c6-29bc-4f19-9251-e6195265baf1}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Color Control Panel Applet" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{7A979262-40CE-46ff-AEEE-7884AC3B6136}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Add New Hardware" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{3e7efb4c-faf1-453d-89eb-56026875ef90}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Get Programs Online" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Taskbar and Start Menu" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="ActiveDirectory Folder" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="ActiveDirectory Folder" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Sam Account Folder" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Sam Account Folder" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Control Panel command object for Start menu" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{E44E5D18-0652-4508-A4E2-8A090067BCB0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Default Programs command object for Start menu" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Folder Options" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Explorer Query Band" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="View Available Networks" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Contacts folder" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{4026492f-2f69-46b8-b9bf-5654fc07e423}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Firewall" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Problem Reports and Solutions" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{a304259d-52b8-4526-8b1a-a1d6cecc8243}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="iSCSI Initiator" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName=".cab or .zip files" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Search Shell Service" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Microsoft.ScannersAndCameras" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{37efd44d-ef8d-41b1-940d-96973a50e9e0}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Sidebar Properties" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{67718415-c450-4f3c-bf8a-b487642dc39b}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Features" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{d8559eb9-20c0-410e-beda-7ed416aecc2a}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Windows Defender" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{5ea4f148-308c-46d7-98a9-49041b1dd468}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="Mobility Center Control Panel" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="User Accounts" ExtType="1"/>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="" Enabled="1" CLSID="{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" ExtName="AVG Find Extension" ExtType="1"/>
  </ExplorerExt>
  <PrintEXT>
    <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Users\user\AppData\Local\Temp\8D6.tmp" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers"/>
  </PrintEXT>
  <TaskScheduler> </TaskScheduler>
  <SPI>
    <ITEM MD5="D1A84F7D4CAFCFE2A32149FF418056E5" ChageDate="19.01.2008 03:35:38" CreateDate="04.04.2009 13:07:54" Attr="rsAh" Size="48128" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Network Location Awareness 2" CheckResult="-1" File="C:\Windows\system32\NLAapi.dll" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" SPIType="1"/>
    <ITEM MD5="FC62A635063B762E1C3C60EA77279378" ChageDate="19.01.2008 03:35:35" CreateDate="04.04.2009 13:08:12" Attr="rsAh" Size="50176" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="E-mail Naming Shim Provider" CheckResult="-1" File="C:\Windows\system32\napinsp.dll" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" SPIType="1"/>
    <ITEM MD5="690D41DF1D555F96D4898A0F54EBA065" ChageDate="19.01.2008 03:36:07" CreateDate="04.04.2009 13:08:23" Attr="rsAh" Size="62464" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" SPIType="1"/>
    <ITEM MD5="690D41DF1D555F96D4898A0F54EBA065" ChageDate="19.01.2008 03:36:07" CreateDate="04.04.2009 13:08:23" Attr="rsAh" Size="62464" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="PNRP Name Space Provider" CheckResult="-1" File="C:\Windows\system32\pnrpnsp.dll" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" SPIType="1"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\System32\mswsock.dll" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" SPIType="1"/>
    <ITEM MD5="C411C80F90D6732380352B98B37BBD53" ChageDate="11.04.2009 02:28:25" CreateDate="07.11.2009 09:31:54" Attr="rsAh" Size="19968" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="LDAP RnR Provider DLL" CheckResult="-1" File="C:\Windows\System32\winrnr.dll" SPINaim="NTDS" SPIType="1"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" SPIType="3"/>
    <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved."
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{646A3344-F31F-4EE7-993F-DE95A709D38D}] SEQPACKET 2" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip_{646A3344-F31F-4EE7-993F-DE95A709D38D}] DATAGRAM 2" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C914F8D6-15E6-4CB5-9F67-2BE3664FBF4C}] SEQPACKET 1" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C914F8D6-15E6-4CB5-9F67-2BE3664FBF4C}] DATAGRAM 1" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{207D390A-AFA5-4E9B-ADCA-B999981B3E38}] SEQPACKET 0" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{207D390A-AFA5-4E9B-ADCA-B999981B3E38}] DATAGRAM 0" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{646A3344-F31F-4EE7-993F-DE95A709D38D}] SEQPACKET 3" SPIType="3"/> <ITEM MD5="8617350C9B590B63E620881092751BCB" ChageDate="11.04.2009 02:28:22" CreateDate="07.11.2009 09:32:35" Attr="rsAh" Size="223232" LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft Windows Sockets 2.0 Service Provider" CheckResult="-1" File="C:\Windows\system32\mswsock.dll" SPINaim="MSAFD NetBIOS [\Device\NetBT_Tcpip6_{646A3344-F31F-4EE7-993F-DE95A709D38D}] DATAGRAM 3" SPIType="3"/> </SPI> <DPF> </DPF> <CPL> </CPL> <ActiveSetup> </ActiveSetup> -<HOSTS> <ITEM Line="127.0.0.1 localhost"/> </HOSTS> -<ProtocolExt> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus"/> <ITEM LegalCopyright="© Microsoft Corporation. All rights reserved." 
Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload"/> <ITEM LegalCopyright="" Descr="" CheckResult="-1" File="C:\Program Files\AVG\AVG8\avgpp.dll" Enabled="1" CLSID="{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" RegKey="SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner"/> </ProtocolExt> -<IPU> <ITEM X2="Terminal Services" X1="TermService" Code="1"/> <ITEM X2="SSDP Discovery" X1="SSDPSRV" Code="1"/> <ITEM X2="Task Scheduler" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="-1" Code="8"/> </IPU> -<WIZARD-TSW> <ITEM Fixed="0" Level="3" ID="58"/> <ITEM Fixed="0" Level="3" ID="59"/> <ITEM Fixed="0" Level="1" ID="60"/> <ITEM Fixed="0" Level="2" ID="61"/> <ITEM Fixed="0" Level="1" ID="66"/> </WIZARD-TSW> </AVZ>
#32
tofu5
Member, Topic Starter, 175 posts
I did your last step: Start, Run as Administrator.

The sfc scannow came up with: Windows Resource Protection found corrupt files but was unable to fix some of them.
sigverif said: The following files have not been digitally signed
sasd.fsv.sys
sasenum.sys
sasutil.sys

The dates were a few years ago, one was even before I had this computer

AVG Free 9.0 will not let me turn the Resident Shield back on. Says I must log in as Administrator.
When I click on ATFcleaner on my desktop, the screen goes black, then I get a popup asking me if I want to allow this. This never happened a week ago. How can I prevent this User Control popup from happening?

Edited by tofu5, 19 August 2011 - 10:54 AM.


#33
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Hello,

Did AVP scan find any infections?
AVP produced a zip file named avptool_sysinfo.zip. You must attach it here, not post it :)

You can disable UAC using the tutorial here, Method #4 - Using Control Panel. It's a good security measure though...

Edited by michaelg9, 19 August 2011 - 12:11 PM.


#34
tofu5
Member, Topic Starter, 175 posts
"AVP produced a zip file named avptool_sysinfo.zip. You must attach it here, not post it"

I tried to attach it but could not figure out how to do that. I just looked for the file avp...to attach here and it did not come up, that is why I pasted it. Sorry.

Kaspersky did find 2 threats, which I deleted.

#35
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Hello
Drag and drop the zip file of AVP here in the green box, and when it finishes uploading, it will give you a link to your file. Paste that link here

Do you remember what the two threats were?

#36
tofu5
Member, Topic Starter, 175 posts
http://www.mediafire...x8ag84o864bo7cn

I hope the above is the link you want. As to zipping or unzipping, I have no idea of what that is. Sorry.

I do not remember what the 2 threats were. And I still cannot change the AVG Resident Shield.
Also, when I re-started my computer, it asked me to sign on as a Guest or user, this has never happened before.

Edited by tofu5, 19 August 2011 - 12:58 PM.


#37
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Hello
Let's try the Kaspersky manual disinfection part again

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post or upload it at mediafire as before


Next:

Upload this file at mediafire for me please:
C:\Windows\logs\cbs\cbs.log

#38
tofu5
Member, Topic Starter, 175 posts
http://www.mediafire...k67laww09l58zrm

I believe the above is what you requested. I saw no threats detected.


I am having a bear of a time finding the file C:\Windows....

Found some CBS files, but it said I do not have permission to open the files.

Edited by tofu5, 19 August 2011 - 02:30 PM.


#39
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Right click on notepad and select Run as Administrator.
Then go to file > open and open the file:
C:\Windows\logs\cbs\cbs.log

#40
tofu5
Member, Topic Starter, 175 posts
OK, I found the log, but I have no idea how to get it to Mediafire.

Edited by tofu5, 19 August 2011 - 03:41 PM.

#41
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Open it, save it to your Desktop and then upload the file from Desktop to MediaFire

#42
tofu5
Member, Topic Starter, 175 posts
http://www.mediafire...395di6dy5uymjav

Hope this is what you requested.

Edited by tofu5, 19 August 2011 - 03:39 PM.


#43
michaelg9
Trusted Helper, Malware Removal, 2,949 posts
Hello,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Services

    :Reg

    :Files
    C:\Windows\system32\DRIVERS\8241871drv.sys
    C:\Windows\system32\DRIVERS\46903274.sys
    C:\Users\user\AppData\Local\Temp\8D6.tmp


    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:


    /md5start
    wininit.exe
    sasd.fsv.sys
    /md5stop

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.




Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
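Post #43 asks for the OTL.Txt output to be pasted back, and a helper reads such a log entry by entry, looking first at entries that point at a missing file, binaries with no publisher in their version info, and drivers with random numeric names like the two listed under :Files. The Python below is an added example, not part of this thread or of OTL: it parses lines in the OTL log format, flags those cues, and reports which flagged paths the :Files section of a given fix script would remove; the sample log lines are constructed from the format shown in this thread (the 8241871drv.sys driver line is made up).

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str           # OTL entry type, e.g. "DRV", "O2", "O4"
    path: str           # file path (or the entry's tail text for Oxx lines)
    reasons: list[str]  # why a helper would look at this entry first


# Constructed sample in the OTL log format posted in this thread. The avgtdix,
# kernexplorer, O2, O4 and O18 lines are copied from the posted log; the
# 8241871drv.sys line is made up (only its path comes from the fix script).
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - [2011/05/06 12:45:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/10 03:12:00 | 000,041,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\8241871drv.sys -- (8241871drv)

========== Standard Registry (SafeList) ==========

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
"""

# :Files and :Commands sections of the fix script in post #43 (empty sections omitted).
SAMPLE_FIX = r"""
:Files
C:\Windows\system32\DRIVERS\8241871drv.sys
C:\Windows\system32\DRIVERS\46903274.sys
C:\Users\user\AppData\Local\Temp\8D6.tmp
:Commands
[emptytemp]
[Reboot]
"""

# "PRC|MOD|SRV|DRV - [date | size | attrs | M] (Company) [flags] -- path -- (name)"
TIMESTAMPED = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# "O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)"
RUN_KEY = re.compile(
    r"^(?P<kind>O4) - .*\[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Any other Oxx entry: keep the whole tail so "File not found" is still visible.
OTHER = re.compile(r"^(?P<kind>O\d+) - (?P<path>.+)$")
# Driver file names that are mostly digits, like the two under :Files above.
NUMERIC_DRIVER = re.compile(r"\\(?:\d{6,}[a-z]*|[a-z]*\d{6,})\.sys$", re.I)


def triage(log_text: str) -> list[Finding]:
    """Entries a helper would examine first. These are prioritisation cues,
    not verdicts: OEM tools such as zHotkey.exe also ship without version info."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TIMESTAMPED.match(line) or RUN_KEY.match(line) or OTHER.match(line)
        if not m:
            continue  # section headers, blank lines, summary lines
        g = m.groupdict()
        reasons = []
        if "File not found" in line:
            reasons.append("registry entry points at a missing file (orphan)")
        company = g.get("company")
        if company == "" or (company is None and line.endswith("()")):
            reasons.append("binary carries no publisher in its version info")
        if NUMERIC_DRIVER.search(g["path"]):
            reasons.append("driver with a random-looking numeric file name")
        if reasons:
            findings.append(Finding(g["kind"], g["path"], reasons))
    return findings


def fix_script_files(script: str) -> list[str]:
    """Paths listed under the :Files section of an OTL fix script."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section marker such as :Files or :Commands
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def covered_by_fix(findings: list[Finding], script: str) -> list[Finding]:
    """Findings whose path the fix script's :Files section would delete."""
    targets = {p.lower() for p in fix_script_files(script)}
    return [f for f in findings if f.path.lower() in targets]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    removed = {f.path for f in covered_by_fix(found, SAMPLE_FIX)}
    for f in found:
        tag = "fix removes" if f.path in removed else "review"
        print(f"[{tag}] {f.kind}: {f.path}\n    " + "; ".join(f.reasons))
```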

#44
tofu5
Member, Topic Starter, 175 posts
OTL logfile created on: 8/19/2011 7:27:39 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = c:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.51 Gb Available Physical Memory | 34.35% Memory free
3.23 Gb Paging File | 2.05 Gb Available in Paging File | 63.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.36 Gb Total Space | 217.99 Gb Free Space | 75.60% Space Free | Partition Type: NTFS
Drive D: | 9.73 Gb Total Space | 4.28 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL.exe
PRC - [2011/08/10 20:26:15 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/15 09:13:53 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:30:09 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 15:46:26 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 13:32:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 13:31:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 16:58:32 | 000,353,584 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/08/07 07:25:39 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/01 17:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 17:17:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/22 09:55:21 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 13:32:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 12:45:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/16 13:31:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 08:51:21 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/07 07:25:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/27 12:20:55 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/11/08 19:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/04 21:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-617309455-594879788-2053407963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 07:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/20 19:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/06 09:51:27 | 000,000,000 | ---D | M]

[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/06/10 20:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/24 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions
[2010/09/10 15:46:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fw6p3h5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/17 07:57:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/06 09:51:26 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/18 17:43:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKU\S-1-5-21-617309455-594879788-2053407963-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Windows\System32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-617309455-594879788-2053407963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-617309455-594879788-2053407963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfiel...criptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 08:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/19 07:51:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/18 17:45:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/18 17:33:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/18 17:33:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/18 17:33:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/18 17:33:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/18 17:33:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/18 17:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/17 16:18:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 09:25:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/08/11 09:25:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/08/11 08:27:19 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/08/11 08:26:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/08/11 08:26:54 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/08/11 08:26:42 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/08/11 08:26:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/11 08:24:02 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/08/11 07:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/11 07:25:45 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/08/11 07:25:44 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/08/11 07:25:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/08/11 07:25:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/08/11 07:25:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/08/11 07:25:18 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/08/11 07:25:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/08/11 07:25:16 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/08/11 07:25:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/08/11 07:25:16 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/08/11 07:25:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/08/11 07:25:16 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/08/11 07:25:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/08/11 07:25:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/08/11 07:25:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/08/11 07:24:08 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/08/11 07:24:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/08/11 07:20:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/08/11 07:20:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/08/11 07:20:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/08/11 07:20:43 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/08/11 07:20:43 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/08/11 07:20:43 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/08/11 07:20:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/08/11 07:20:41 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/08/11 07:20:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/08/10 20:40:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 20:40:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/10 20:40:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/08/10 20:40:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 20:40:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 20:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 20:31:32 | 000,000,000 | ---D | C] -- C:\c1bf3e2ee6bee5bbb003
[2011/08/10 20:26:16 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/08/10 16:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/08/10 07:43:23 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 07:43:10 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 07:43:10 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/08/19 19:26:24 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/19 19:24:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/19 19:23:58 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 19:23:58 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 19:23:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 19:23:51 | 1599,270,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 18:23:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/19 10:13:22 | 000,000,370 | -HS- | M] () -- C:\Windows\7993447drv.spi
[2011/08/19 09:34:17 | 084,123,350 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/18 17:43:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/17 13:07:18 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/17 07:56:18 | 000,594,866 | ---- | M] () -- C:\logfile
[2011/08/15 07:04:36 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/08/15 07:04:36 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/08/11 08:52:07 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/11 07:48:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/10 20:26:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 16:21:16 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Master.lnk
[2011/08/10 16:20:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2011/08/06 07:44:54 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/08/05 14:38:45 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/05 14:38:45 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/21 22:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 22:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 22:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 22:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 22:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011/08/19 09:17:21 | 000,000,370 | -HS- | C] () -- C:\Windows\7993447drv.spi
[2011/08/18 17:33:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/18 17:33:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/18 17:33:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/18 17:33:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/18 17:33:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 19:13:43 | 1599,270,912 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/17 12:54:15 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2011/08/11 07:48:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/11 07:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/06 07:44:54 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{C3A831D8-54C7-4CE8-9CC3-531407140CCF}
[2011/08/05 21:36:53 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{4C4C0C27-7242-466B-9F2A-2786ED73D52A}
[2011/04/25 08:22:45 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/25 08:22:45 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/06/08 19:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/07 09:33:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/07 09:33:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/07 09:32:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/03 17:24:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/02/06 12:05:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2009/02/06 11:55:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 11:55:58 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/06 11:55:58 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OnlineScannerUninstaller.exe
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007/10/24 13:14:20 | 000,000,984 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2007/08/10 20:29:36 | 000,000,031 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/08/03 17:41:36 | 000,025,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/05/18 14:59:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/05/18 14:30:37 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/05/18 14:19:17 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/05/18 14:19:16 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/05/18 14:19:16 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/05/18 14:19:16 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,446 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll

========== LOP Check ==========

[2011/07/06 09:51:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2007/12/07 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SampleView
[2007/10/24 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010/06/10 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2007/08/10 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2008/02/10 12:11:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yapta
[2011/08/19 19:22:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:813B8EB6

< End of report >



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7513

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/19/2011 8:19:28 PM
mbam-log-2011-08-19 (20-19-28).txt

Scan type: Quick scan
Objects scanned: 156183
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by tofu5, 19 August 2011 - 06:22 PM.


#45
tofu5 (Topic Starter, Member, 175 posts)
This is a list of changes on my computer since I posted to GeeksToGo. None of these things happened before all the downloads. I can post this in another forum; please let me know.
Saturday morning
1- Upon startup, the screen shows 2 boxes, User and Guest. In the lower left-hand corner is a small box with a circle in it, 3/4 filled with slashes (hard to describe). In the lower right-hand corner is a red rectangle with a button, and to the right of that (adjoining it) is an up arrow.
2- A pop-up shows Virtual Expander - Start-up has failed (1000). I click OK.
3- When I try to sign in to Yahoo in IE, I get a Security Alert - You are about to sign..., then when I DO sign in, I get another Security Alert - You are about to leave a secure internet connection. (This does not happen when I sign into another Yahoo account through Firefox.)
4- Cannot activate Resident Shield in AVG Free.
5- When I try to access ATFCleaner, I get a User Account Control pop-up: An unidentified program wants access to your computer. I click Allow. There is also a shield next to the garbage can; the shield was never there before.

I plugged my camera into the USB port; the USB device is still not recognized. That was the original reason I contacted GeeksToGo, though, so this is not new. Is it time to give up on the USB device? I can deal with that if need be. The above 5 items are a bother, though, which I would prefer not to have.

Edited by tofu5, 20 August 2011 - 06:08 AM.
