ping exe and cpu 100%



#1
sah_fb

The computer has been acting super slow and having some redirects to
pages. The CPU is at 100% unless I end the ping exe in the task manager.
It goes away, speed comes back, and then ping is back and CPU back to 100%.

OTL logfile created on: 11/13/2011 11:28:51 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 391.25 Mb Available Physical Memory | 38.23% Memory free
1.66 Gb Paging File | 1.09 Gb Available in Paging File | 65.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.25 Gb Total Space | 64.42 Gb Free Space | 60.07% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.78 Gb Free Space | 17.33% Space Free | Partition Type: FAT32

Computer Name: OUR-COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 11:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/09/10 17:11:46 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2002/06/22 09:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/03/01 00:10:49 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2004/03/11 23:45:06 | 000,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2003/02/21 05:49:54 | 000,172,032 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPComm.dll
MOD - [2002/06/22 09:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
MOD - [2001/03/02 22:26:06 | 000,102,400 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (vmusb)
SRV - File not found [Disabled | Stopped] -- -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/02/09 11:53:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/09/10 17:11:46 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2002/11/14 10:09:14 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/09/17 05:00:28 | 000,599,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/11/17 17:55:34 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/02/17 05:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/27 16:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 16:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 16:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 16:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 16:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 16:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/12/12 18:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 21:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 21:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 00:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 09:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/08 18:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/01 11:08:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/20 05:02:38 | 000,000,000 | ---D | M]

[2011/01/01 11:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/29 07:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions\staged-xpis
[2011/02/16 19:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 19:49:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/16 19:49:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/16 19:49:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/11/07 17:57:19 | 000,438,135 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15071 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: //rhapapp.real.com/ ([]rhap in Trusted sites)
O15 - HKCU\..Trusted Domains: listen.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: llnwd.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapapp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: realone.com ([i] http in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0309.cab (YInstStarter Class)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://ca.com/us/sec...an/pestscan.cab (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1138232800038 (MUWebControl Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...CAB?37884.38875 (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539600} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} http://h20270.www2.h...cdetection3.cab (DeviceEnum Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0723644E-0885-4B83-ACEC-891E530A0F47}: DhcpNameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AABD55D-C086-4174-B1B7-9B0E22D5FEFC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67411ACD-F722-47C1-B76A-8B39717AF81B}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 00:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 22:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 11:28:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/10 17:49:19 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2011/11/10 17:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/09 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/09 19:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/11/08 21:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/11/08 21:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/08 21:00:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/08 18:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/11/08 18:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/08 18:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/08 18:28:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/11/08 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/08 15:24:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/11/08 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/08 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/08 11:39:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/11/07 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/07 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/11/07 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/07 17:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2011/11/07 16:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CzONyxA1uSoFpGs
[2011/11/07 16:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\konG4amH6W7E9Tq
[2011/11/07 16:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/07 16:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/07 16:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Y2ibD3pnGaHdKfL
[2011/11/07 16:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fjUCelIBtPyAiDo
[2011/11/07 16:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\yA1uvD2ob4m
[2011/11/07 16:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\oS1ibD3on4Q6W7R
[2011/11/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Y4amH6sWKfLgXjC
[2011/11/07 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\xTXqjYCekBzNx1v
[2011/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\z3pmG5aQJdKfZhX
[2011/11/07 15:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\t0ucS2ibFpaJdKf
[2011/11/07 15:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SBtxP0ucSi
[2011/10/29 12:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
[2011/10/29 12:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/10/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2005/02/06 08:09:39 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 11:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/13 11:24:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/13 11:23:59 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/11/13 11:23:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 11:19:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/13 10:48:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003UA.job
[2011/11/13 08:26:58 | 109,616,228 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/10 22:29:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/11/10 17:49:33 | 000,000,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2011/11/09 15:48:07 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003Core.job
[2011/11/08 22:05:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/08 06:32:05 | 000,155,182 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/11/08 06:32:01 | 000,272,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/11/08 06:10:52 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/11/08 04:06:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/11/07 17:57:19 | 000,438,135 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/07 16:53:27 | 000,000,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/07 16:27:24 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/07 16:17:01 | 000,434,440 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111107-175717.backup
[2011/11/07 15:29:02 | 000,465,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 15:29:02 | 000,083,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 16:45:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/13 08:26:58 | 109,616,228 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/08 06:32:05 | 000,155,182 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/11/08 06:32:01 | 000,272,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/11/08 06:10:52 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/11/07 16:52:57 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/07 16:33:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/01 16:45:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/11/01 16:45:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/27 16:53:26 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/27 16:53:26 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2009/09/15 05:13:15 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/07/08 18:44:10 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2009/07/08 18:44:10 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\4D05D6
[2009/05/18 16:54:48 | 000,000,267 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2008/07/18 11:35:45 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/18 11:35:42 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/18 11:35:42 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/18 11:35:41 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/18 11:35:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/13 07:18:42 | 000,091,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/06 07:55:49 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/06 07:55:49 | 000,003,449 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/09/02 19:22:53 | 000,003,155 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/28 16:45:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/28 14:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/06/14 07:41:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/06/12 19:18:05 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2007/06/12 19:18:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2007/05/05 09:24:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/25 07:15:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/20 07:42:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\dead_saver2.ini
[2006/11/20 07:41:54 | 000,000,098 | ---- | C] () -- C:\WINDOWS\dead_saver3.ini
[2006/11/18 17:58:02 | 000,000,195 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2006/11/18 17:58:02 | 000,000,112 | ---- | C] () -- C:\WINDOWS\dead_saver1.ini
[2006/10/08 14:47:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/03 09:40:04 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/17 06:05:25 | 000,000,479 | ---- | C] () -- C:\WINDOWS\T-Minus.INI
[2006/03/25 10:15:50 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/03/15 17:22:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/02/19 20:03:52 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2006/02/15 08:35:26 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/02/15 08:35:26 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/09/19 05:59:08 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/08/16 10:00:40 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\torrentspy.ini
[2005/07/16 07:59:10 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/07/16 07:59:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/07/16 07:59:09 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2005/07/14 17:43:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/07/14 17:26:11 | 000,104,305 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/07/14 17:26:11 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/06/14 18:53:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005.ini
[2005/06/04 07:57:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/06/04 07:57:04 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/03/04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/03 17:20:31 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/01 17:45:41 | 000,241,084 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2005/03/01 14:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/23 20:39:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/23 20:39:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/23 20:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/23 20:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/23 20:39:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/23 20:39:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/23 20:38:36 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005/02/23 20:38:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/10/31 14:01:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/08 08:29:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2004/08/20 18:05:53 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/08/18 20:46:24 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/18 20:46:23 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/08/18 20:45:44 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/06/23 16:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/06/23 16:20:03 | 000,007,210 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/18 05:55:59 | 000,000,409 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/05/11 07:51:26 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2004/04/01 09:03:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/02/29 18:08:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/02/29 18:08:02 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/12/25 19:05:45 | 000,000,231 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/12/01 20:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/11/19 20:03:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2003/11/03 17:40:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/04 06:22:05 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/28 18:53:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/23 07:56:31 | 000,000,042 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2003/09/23 06:03:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/22 20:49:24 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/09/21 07:22:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2003/09/21 07:22:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2003/09/20 17:15:05 | 000,001,765 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/20 17:04:20 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2003/09/20 17:04:20 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2003/09/20 15:34:27 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2003/09/20 15:27:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2003/09/20 15:25:51 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2003/09/20 13:57:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/07 14:01:52 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/06/04 19:40:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/06/04 19:40:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/06/04 19:40:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/06/04 19:40:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/04 19:10:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/06/04 19:10:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/06/04 19:10:41 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/06/04 19:10:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/06/04 19:10:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/10 06:35:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 06:34:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/10 06:21:36 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 03:51:07 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 03:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 02:32:34 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 02:32:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 02:06:10 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 02:04:00 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/04/10 02:03:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 02:03:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 01:57:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 01:57:04 | 000,000,856 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 01:16:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 01:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/10 01:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/10 00:44:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 00:44:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 00:44:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 00:23:21 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 00:21:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 00:16:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/10 00:05:45 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 00:05:26 | 000,465,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 00:05:26 | 000,083,290 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/09 17:10:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/09 17:09:25 | 000,423,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 18:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 16:23:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ringtone.dll
[2003/01/13 13:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 10:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 10:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/17 23:45:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\MidiTran61v20.dll
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/25 13:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 13:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/14 20:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2001/05/28 11:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2001/05/09 01:40:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Translate.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2011/11/10 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/06/24 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2011/11/10 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/23 06:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/23 06:23:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/08 14:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/07/28 14:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2007/09/23 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/11/13 08:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/06/17 15:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/16 16:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/25 17:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/19 19:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2004/08/01 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/03 08:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/08/24 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2011/11/09 19:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/07/17 20:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/01 20:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/06/03 20:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/01/22 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2005/08/16 06:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.ABC 3.01
[2004/12/30 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.BitTornado
[2005/05/26 18:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3M
[2005/07/14 18:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/06/24 20:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Avery
[2011/11/08 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/11/08 18:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2010/09/18 21:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2011/10/05 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\calibre
[2011/11/07 16:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CzONyxA1uSoFpGs
[2011/11/13 11:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/05/10 06:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2011/11/07 16:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fjUCelIBtPyAiDo
[2010/06/29 07:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flock
[2006/10/07 10:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2008/12/10 22:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007/11/29 08:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2005/04/16 08:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/09/25 18:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2011/11/08 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/11/07 16:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\konG4amH6W7E9Tq
[2009/08/26 16:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2011/11/07 16:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oS1ibD3on4Q6W7R
[2006/07/25 17:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2003/09/22 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2003/04/10 02:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/11/07 15:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SBtxP0ucSi
[2008/03/01 08:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOPzilla!
[2011/11/07 15:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\t0ucS2ibFpaJdKf
[2003/09/20 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2008/08/28 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2011/11/07 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\xTXqjYCekBzNx1v
[2011/11/07 16:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Y2ibD3pnGaHdKfL
[2011/11/07 15:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Y4amH6sWKfLgXjC
[2011/11/07 16:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\yA1uvD2ob4m
[2011/11/07 15:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\z3pmG5aQJdKfZhX
[2008/03/01 08:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zylom
[2008/03/29 14:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\{27ABEAD9-B7C4-4994-891F-48F5F48861FA}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Edited by sah_fb, 14 November 2011 - 09:48 AM.



#2
emeraldnzl

Hello sah_fb,

Welcome to Geekstogo.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/11/08 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
    [2008/08/28 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
    [2011/11/07 15:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\xTXqjYCekBzNx1v
    [2011/11/07 16:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Y2ibD3pnGaHdKfL
    [2011/11/07 15:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Y4amH6sWKfLgXjC
    [2011/11/07 16:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\yA1uvD2ob4m
    [2011/11/07 15:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\z3pmG5aQJdKfZhX
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you have finished please post
  • OTL log
  • Malwarebytes report


#3
sah_fb

I ran the OTL scan that you requested. No log showed on desktop after the reboot.
Is it in another place perhaps? the box said completed successfully ok to reboot.

Malware Bytes scan is running now
heading to work will check in this evening


many thanks for helping me out

Edited by sah_fb, 17 November 2011 - 08:31 AM.


#4
emeraldnzl


I ran the OTL scan that you requested. No log showed on desktop after the reboot.
Is it in another place perhaps?


A copy of an OTL fix log is saved in a text file at

:\_OTL\Moved Files
in most cases this will be C:\_OTL\Moved Files

Malware Bytes scan is running now
heading to work will check in this evening


Look forward to seeing the results. :)

#5
sah_fb

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Documents and Settings\Owner\Application Data\IObit\Smart Defrag 2 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\IObit\IObit Uninstaller folder moved successfully.
C:\Documents and Settings\Owner\Application Data\IObit\IObit Malware Fighter folder moved successfully.
C:\Documents and Settings\Owner\Application Data\IObit folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Owner\Application Data\xTXqjYCekBzNx1v folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Y2ibD3pnGaHdKfL folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Y4amH6sWKfLgXjC folder moved successfully.
C:\Documents and Settings\Owner\Application Data\yA1uvD2ob4m folder moved successfully.
C:\Documents and Settings\Owner\Application Data\z3pmG5aQJdKfZhX folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3598 bytes
->Temporary Internet Files folder emptied: 526550067 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 39763 bytes

User: Owner
->Temp folder emptied: 753230 bytes
->Temporary Internet Files folder emptied: 77438238 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14645630 bytes
->Apple Safari cache emptied: 26702848 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 13574 bytes

%systemdrive% .tmp files removed: 156 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3907924 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12919512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 632.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11172011_073446



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8182

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2011 10:02:38 AM
mbam-log-2011-11-17 (10-02-36).txt

Scan type: Quick scan
Objects scanned: 182637
Time elapsed: 32 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello sah_fb,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
sah_fb

    Member

  • Topic Starter
  • Member
  • 14 posts
When running ComboFix,
I got a warning box:
ComboFix has detected the following real time scanner
Norton AntiVirus 2005

I haven't had Norton on this machine in years and years,
so I am running a Norton uninstaller.
However, this is asking for a restart to complete.
Is that OK?!

Edited by sah_fb, 17 November 2011 - 06:49 PM.


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> however this is asking for restart to complete
> is that ok?!


Yes that's okay now that you are there. You will likely have to re-run ComboFix though. If it happens again (Norton Uninstaller doesn't always remove everything) just click to continue when ComboFix asks.

> i haven't had Norton on this machine in years and years


Often there are residues left behind when Norton is uninstalled. The Norton uninstaller should remove them but sometimes it doesn't get it all on the first run. You may need to run it two or three times. You can do that after running ComboFix though. Shouldn't be a problem. :)

#9
sah_fb

    Member

  • Topic Starter
  • Member
  • 14 posts
ComboFix 11-11-17.03 - Owner 11/17/2011 21:24:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.564 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton AntiVirus 2005 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameF.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\3M
c:\documents and settings\Owner\Application Data\3M\PSNotes\PSNData
c:\documents and settings\Owner\WINDOWS
c:\windows\$NtUninstallKB38286$
c:\windows\$NtUninstallKB38286$\1915414436\@
c:\windows\$NtUninstallKB38286$\1915414436\bckfg.tmp
c:\windows\$NtUninstallKB38286$\1915414436\cfg.ini
c:\windows\$NtUninstallKB38286$\1915414436\Desktop.ini
c:\windows\$NtUninstallKB38286$\1915414436\keywords
c:\windows\$NtUninstallKB38286$\1915414436\kwrd.dll
c:\windows\$NtUninstallKB38286$\1915414436\L\bmtkekhz
c:\windows\$NtUninstallKB38286$\1915414436\lsflt7.ver
c:\windows\$NtUninstallKB38286$\1915414436\U\00000001.@
c:\windows\$NtUninstallKB38286$\1915414436\U\00000002.@
c:\windows\$NtUninstallKB38286$\1915414436\U\00000004.@
c:\windows\$NtUninstallKB38286$\1915414436\U\80000000.@
c:\windows\$NtUninstallKB38286$\1915414436\U\80000004.@
c:\windows\$NtUninstallKB38286$\1915414436\U\80000032.@
c:\windows\$NtUninstallKB38286$\2524497527
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\help\wmplayer.bak
c:\windows\patch.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\dumphive.exe
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\regobj.dll
c:\windows\system32\spool\prtprocs\w32x86\LXASPP.DLL
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 00:59 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-11-18 00:59 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-17 14:16 . 2011-11-17 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-17 14:16 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 12:34 . 2011-11-17 12:34 -------- d-----w- C:\_OTL
2011-11-10 22:49 . 2011-02-15 18:17 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-11-10 22:48 . 2011-11-10 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
2011-11-10 00:11 . 2011-11-10 00:11 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-10 00:11 . 2011-11-10 00:11 -------- d-----w- c:\program files\Trend Micro
2011-11-09 02:36 . 2011-11-09 02:38 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2011-11-09 02:00 . 2011-11-09 02:00 -------- d-----w- C:\$AVG
2011-11-08 23:28 . 2011-11-17 14:11 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-08 23:28 . 2011-11-11 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-08 23:26 . 2011-11-09 02:35 -------- d-----w- c:\program files\AVG
2011-11-08 20:20 . 2011-11-08 20:20 -------- d-----w- c:\program files\CCleaner
2011-11-08 19:07 . 2011-11-08 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-11-07 23:26 . 2011-11-07 23:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-11-07 23:26 . 2011-11-07 23:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-07 22:40 . 2011-11-07 22:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2011-11-07 21:51 . 2011-11-07 21:51 -------- d-----w- c:\documents and settings\Owner\Application Data\CzONyxA1uSoFpGs
2011-11-07 21:51 . 2011-11-07 21:51 -------- d-----w- c:\documents and settings\Owner\Application Data\konG4amH6W7E9Tq
2011-11-07 21:22 . 2011-11-07 21:22 -------- d-----w- c:\documents and settings\Owner\Application Data\fjUCelIBtPyAiDo
2011-11-07 21:01 . 2011-11-07 21:01 -------- d-----w- c:\documents and settings\Owner\Application Data\oS1ibD3on4Q6W7R
2011-11-07 20:22 . 2011-11-07 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\t0ucS2ibFpaJdKf
2011-11-07 20:22 . 2011-11-07 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\SBtxP0ucSi
2011-10-29 17:49 . 2011-10-29 17:49 -------- d-----w- c:\windows\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
2011-10-29 17:12 . 2011-10-29 17:50 -------- d-----w- c:\program files\Belkin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 21:55 . 2011-05-19 10:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2002-09-23 19:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-06-05 00:10 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-06-05 00:10 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2003-06-05 00:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-06-05 00:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-06-05 00:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 19:19 . 2005-02-06 13:09 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2005-11-14 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autobahn.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\autobahn.lnk
backup=c:\windows\pss\autobahn.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to Verizon Online.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Shortcut to Verizon Online.lnk
backup=c:\windows\pss\Shortcut to Verizon Online.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2006-01-13 00:52 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-11 00:57 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 18:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 22:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-29 12:08 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-03-12 00:11 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2011-02-25 02:08 1770400 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 18:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 19:16 741376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-03-18 08:50 331776 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-01-27 21:39 1179648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-18 00:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-03-01 05:10 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebLink]
2003-02-21 11:09 524288 ----a-w- c:\program files\Softex\Weblink\WebLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12118:TCP"= 12118:TCP:*:Disabled:BitComet 12118 TCP
"12118:UDP"= 12118:UDP:*:Disabled:BitComet 12118 UDP
"13394:TCP"= 13394:TCP:*:Disabled:BitComet 13394 TCP
"13394:UDP"= 13394:UDP:*:Disabled:BitComet 13394 UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/27/2011 4:53 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 MpKsl1a01b551;MpKsl1a01b551;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E54259A-6FDB-4F5E-B8B5-69700FDBED67}\MpKsl1a01b551.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E54259A-6FDB-4F5E-B8B5-69700FDBED67}\MpKsl1a01b551.sys [?]
S1 MpKsl224ed0c5;MpKsl224ed0c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811E6BBD-661E-4FAF-8022-060D105E8B96}\MpKsl224ed0c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{811E6BBD-661E-4FAF-8022-060D105E8B96}\MpKsl224ed0c5.sys [?]
S1 MpKsl5587e3fd;MpKsl5587e3fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73B3F987-91B1-419F-A6EC-AF24C51B5D49}\MpKsl5587e3fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73B3F987-91B1-419F-A6EC-AF24C51B5D49}\MpKsl5587e3fd.sys [?]
S1 MpKsla0d6cefb;MpKsla0d6cefb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DE40D87-7055-4887-8D3D-44E267443ECA}\MpKsla0d6cefb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DE40D87-7055-4887-8D3D-44E267443ECA}\MpKsla0d6cefb.sys [?]
S1 MpKsladd0fc8c;MpKsladd0fc8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A11B074-4B03-46DD-95E6-6E6A20DFC028}\MpKsladd0fc8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A11B074-4B03-46DD-95E6-6E6A20DFC028}\MpKsladd0fc8c.sys [?]
S1 MpKslaf82b1fd;MpKslaf82b1fd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BD7069C-69FE-4ADE-AD01-7B6BD0D3538C}\MpKslaf82b1fd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BD7069C-69FE-4ADE-AD01-7B6BD0D3538C}\MpKslaf82b1fd.sys [?]
S1 MpKslec5a8081;MpKslec5a8081;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEBE26CC-9FE2-43E7-88C9-CADD3096EAAA}\MpKslec5a8081.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEBE26CC-9FE2-43E7-88C9-CADD3096EAAA}\MpKslec5a8081.sys [?]
S1 MpKslede7594f;MpKslede7594f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42C2C36A-3687-4D6C-9614-0322CF3D6152}\MpKslede7594f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42C2C36A-3687-4D6C-9614-0322CF3D6152}\MpKslede7594f.sys [?]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [3/7/2004 9:16 AM 15104]
S2 mrtRate;mrtRate; [x]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S3 Ips3hcih_d;Ips3hcih_d; [x]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 2:09 PM 599936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 12:08]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 12:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: //rhapapp.real.com/
Trusted Zone: listen.com\www
Trusted Zone: llnwd.net
Trusted Zone: real.com
Trusted Zone: real.com\rhapapp
Trusted Zone: realone.com\i
Trusted Zone: rhapsody.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0723644E-0885-4B83-ACEC-891E530A0F47}: DhcpNameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
TCP: Interfaces\{67411ACD-F722-47C1-B76A-8B39717AF81B}: DhcpNameServer = 208.67.220.220,208.67.222.222
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Ad-aware - c:\program files\Lavasoft\Ad-aware 6\Ad-aware.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
MSConfigStartUp-DVDTray - c:\program files\Ahead\ODD Toolkit\DVDTray.exe
MSConfigStartUp-ihsnwpsd - c:\documents and settings\All Users\Application Data\ihsnwpsd.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PrevxOne - c:\program files\Prevx2\PXConsole.exe
MSConfigStartUp-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealOne Player\RealPlay.exe
MSConfigStartUp-RoxioAudioCentral - c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
MSConfigStartUp-RoxioEngineUtility - c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
MSConfigStartUp-runner1 - c:\windows\retadpu2000352.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-SWN2 - c:\program files\Spyware Nuker\swnxt.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-wcmdmgr - c:\windows\wt\updater\wcmdmgrl.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-WT GameChannel - c:\program files\WildTangent\Apps\GameChannel.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-zIBrzPNyc1v2n4m8234A - c:\windows\system32\yD3pnG4aQ6W7R9T.exe
AddRemove-Slot City 2 - c:\program files\Encore Software\Slot City 2 Plus Video Poker\Uninst.isu
AddRemove-Google Chrome - c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 21:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,bc,3b,86,09,ec,1e,4c,aa,b8,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,bc,3b,86,09,ec,1e,4c,aa,b8,c8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2011-11-17 22:11:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 03:11
.
Pre-Run: 68,218,617,856 bytes free
Post-Run: 68,773,351,424 bytes free
.
- - End Of File - - DE10A4B37354CC2CF34CF96F2D2AA588

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello sah_fb,

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
After that

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
So when you return please post
  • TDSSkiller report
  • checkup.txt


#11
sah_fb

    Member

  • Topic Starter
  • 14 posts
05:58:14.0218 2356 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
05:58:14.0687 2356 ============================================================
05:58:14.0687 2356 Current date / time: 2011/11/18 05:58:14.0687
05:58:14.0687 2356 SystemInfo:
05:58:14.0687 2356
05:58:14.0687 2356 OS Version: 5.1.2600 ServicePack: 3.0
05:58:14.0687 2356 Product type: Workstation
05:58:14.0687 2356 ComputerName: OUR-COMPUTER
05:58:14.0687 2356 UserName: Owner
05:58:14.0687 2356 Windows directory: C:\WINDOWS
05:58:14.0687 2356 System windows directory: C:\WINDOWS
05:58:14.0687 2356 Processor architecture: Intel x86
05:58:14.0687 2356 Number of processors: 2
05:58:14.0687 2356 Page size: 0x1000
05:58:14.0687 2356 Boot type: Normal boot
05:58:14.0687 2356 ============================================================
05:58:24.0218 2356 Initialize success
05:58:34.0421 3964 ============================================================
05:58:34.0421 3964 Scan started
05:58:34.0421 3964 Mode: Manual;
05:58:34.0421 3964 ============================================================
05:58:36.0234 3964 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
05:58:36.0703 3964 61883 - ok
05:58:36.0890 3964 Abiosdsk - ok
05:58:37.0109 3964 abp480n5 - ok
05:58:37.0421 3964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:58:37.0421 3964 ACPI - ok
05:58:37.0796 3964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:58:38.0125 3964 ACPIEC - ok
05:58:38.0359 3964 adpu160m - ok
05:58:38.0765 3964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:58:38.0781 3964 aec - ok
05:58:39.0046 3964 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:58:39.0093 3964 AFD - ok
05:58:39.0375 3964 AFGMp50 - ok
05:58:39.0671 3964 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
05:58:40.0000 3964 AFGSp50 - ok
05:58:40.0265 3964 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
05:58:40.0312 3964 AFS2K - ok
05:58:40.0531 3964 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
05:58:40.0921 3964 agp440 - ok
05:58:41.0156 3964 Aha154x - ok
05:58:41.0343 3964 aic78u2 - ok
05:58:41.0578 3964 aic78xx - ok
05:58:41.0890 3964 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
05:58:43.0046 3964 ALCXSENS - ok
05:58:43.0484 3964 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
05:58:44.0062 3964 ALCXWDM - ok
05:58:44.0296 3964 AliIde - ok
05:58:44.0578 3964 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
05:58:44.0875 3964 AmdK7 - ok
05:58:45.0109 3964 amsint - ok
05:58:45.0375 3964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:58:45.0921 3964 Arp1394 - ok
05:58:46.0109 3964 asc - ok
05:58:46.0343 3964 asc3350p - ok
05:58:46.0546 3964 asc3550 - ok
05:58:46.0968 3964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:58:47.0234 3964 AsyncMac - ok
05:58:47.0531 3964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
05:58:47.0531 3964 atapi - ok
05:58:47.0765 3964 Atdisk - ok
05:58:48.0046 3964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:58:48.0359 3964 Atmarpc - ok
05:58:48.0750 3964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:58:49.0062 3964 audstub - ok
05:58:49.0296 3964 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
05:58:49.0484 3964 Avc - ok
05:58:49.0718 3964 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
05:58:49.0796 3964 AVGIDSDriver - ok
05:58:50.0078 3964 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
05:58:50.0453 3964 AVGIDSEH - ok
05:58:50.0703 3964 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
05:58:50.0703 3964 AVGIDSFilter - ok
05:58:50.0906 3964 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
05:58:50.0937 3964 AVGIDSShim - ok
05:58:51.0234 3964 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
05:58:51.0515 3964 Avgldx86 - ok
05:58:51.0734 3964 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
05:58:52.0609 3964 Avgmfx86 - ok
05:58:52.0968 3964 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
05:58:53.0484 3964 Avgrkx86 - ok
05:58:53.0859 3964 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
05:58:54.0312 3964 Avgtdix - ok
05:58:54.0625 3964 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
05:58:55.0421 3964 BANTExt - ok
05:58:55.0640 3964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:58:55.0906 3964 Beep - ok
05:58:56.0312 3964 BulkUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\Drivers\usbscan.sys
05:58:56.0312 3964 BulkUsb - ok
05:58:56.0312 3964 catchme - ok
05:58:56.0562 3964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:58:56.0968 3964 cbidf2k - ok
05:58:57.0234 3964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:58:57.0484 3964 CCDECODE - ok
05:58:57.0718 3964 cd20xrnt - ok
05:58:58.0031 3964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:58:58.0187 3964 Cdaudio - ok
05:58:58.0453 3964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:58:58.0468 3964 Cdfs - ok
05:58:58.0812 3964 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
05:58:59.0062 3964 Cdr4_xp - ok
05:58:59.0437 3964 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
05:58:59.0453 3964 Cdralw2k - ok
05:58:59.0687 3964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:58:59.0984 3964 Cdrom - ok
05:59:00.0265 3964 cdudf_xp (849e1e16288133f4aa412b2ff6813197) C:\WINDOWS\system32\drivers\cdudf_xp.sys
05:59:00.0656 3964 cdudf_xp - ok
05:59:00.0875 3964 Changer - ok
05:59:01.0109 3964 CmdIde - ok
05:59:01.0343 3964 Cpqarray - ok
05:59:01.0656 3964 dac2w2k - ok
05:59:01.0968 3964 dac960nt - ok
05:59:02.0359 3964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:59:02.0609 3964 Disk - ok
05:59:02.0906 3964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:59:03.0390 3964 dmboot - ok
05:59:03.0765 3964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:59:04.0109 3964 dmio - ok
05:59:04.0312 3964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:59:04.0500 3964 dmload - ok
05:59:04.0734 3964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:59:04.0750 3964 DMusic - ok
05:59:05.0000 3964 dpti2o - ok
05:59:05.0265 3964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:59:05.0265 3964 drmkaud - ok
05:59:05.0500 3964 drvmcdb (b4cba593c540ff2a1ab7c0761c9ede16) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
05:59:05.0781 3964 drvmcdb - ok
05:59:06.0046 3964 DVDVRRdr_xp (b930b8d83996fadecc3b24f4f91207fe) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
05:59:06.0218 3964 DVDVRRdr_xp - ok
05:59:06.0468 3964 dvd_2K (a85194c160f9c4d0ad8a87321738304a) C:\WINDOWS\system32\drivers\dvd_2K.sys
05:59:06.0750 3964 dvd_2K - ok
05:59:06.0968 3964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:59:07.0187 3964 Fastfat - ok
05:59:07.0609 3964 fasttx2k (c3901c5b9e491daa8c96d4219f691ef5) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
05:59:07.0828 3964 fasttx2k - ok
05:59:08.0156 3964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:59:08.0578 3964 Fdc - ok
05:59:08.0843 3964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:59:09.0062 3964 Fips - ok
05:59:09.0375 3964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:59:09.0625 3964 Flpydisk - ok
05:59:09.0906 3964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:59:10.0437 3964 FltMgr - ok
05:59:10.0765 3964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:59:11.0015 3964 Fs_Rec - ok
05:59:11.0312 3964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:59:11.0500 3964 Ftdisk - ok
05:59:11.0734 3964 GEARAspiWDM (46f23cfc888b0a4397aae705c8af92af) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:59:11.0859 3964 GEARAspiWDM - ok
05:59:12.0125 3964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:59:12.0328 3964 Gpc - ok
05:59:12.0546 3964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:59:12.0718 3964 HidUsb - ok
05:59:12.0906 3964 hpn - ok
05:59:13.0109 3964 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
05:59:13.0171 3964 HPZid412 - ok
05:59:13.0390 3964 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
05:59:13.0421 3964 HPZipr12 - ok
05:59:13.0703 3964 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
05:59:13.0750 3964 HPZius12 - ok
05:59:14.0046 3964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:59:14.0109 3964 HTTP - ok
05:59:14.0296 3964 i2omgmt - ok
05:59:14.0531 3964 i2omp - ok
05:59:14.0796 3964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:59:15.0000 3964 i8042prt - ok
05:59:15.0218 3964 ialm (a79029861cb69cd3cf4eab9ebfee32dd) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
05:59:15.0453 3964 ialm - ok
05:59:15.0671 3964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:59:15.0843 3964 Imapi - ok
05:59:16.0062 3964 ini910u - ok
05:59:16.0546 3964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
05:59:16.0796 3964 IntelIde - ok
05:59:17.0062 3964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:59:17.0687 3964 intelppm - ok
05:59:18.0046 3964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:59:18.0250 3964 Ip6Fw - ok
05:59:18.0515 3964 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
05:59:18.0671 3964 IPFilter - ok
05:59:18.0875 3964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:59:19.0062 3964 IpFilterDriver - ok
05:59:19.0375 3964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:59:19.0546 3964 IpInIp - ok
05:59:19.0750 3964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:59:19.0765 3964 IpNat - ok
05:59:20.0031 3964 Ips3hcih_d - ok
05:59:20.0296 3964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:59:20.0531 3964 IPSec - ok
05:59:20.0796 3964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:59:20.0968 3964 IRENUM - ok
05:59:21.0187 3964 is3srv - ok
05:59:21.0453 3964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:59:21.0640 3964 isapnp - ok
05:59:22.0109 3964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:59:23.0156 3964 Kbdclass - ok
05:59:23.0390 3964 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:59:23.0593 3964 kbdhid - ok
05:59:24.0156 3964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:59:24.0171 3964 kmixer - ok
05:59:24.0468 3964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:59:24.0500 3964 KSecDD - ok
05:59:24.0796 3964 Lbd - ok
05:59:25.0140 3964 lbrtfdc - ok
05:59:25.0484 3964 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
05:59:26.0140 3964 ltmodem5 - ok
05:59:26.0390 3964 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
05:59:26.0437 3964 MASPINT - ok
05:59:26.0609 3964 MCSTRM - ok
05:59:26.0828 3964 mmc_2K (c032e945b949921f4e85d9c255dd99a7) C:\WINDOWS\system32\drivers\mmc_2K.sys
05:59:27.0093 3964 mmc_2K - ok
05:59:27.0343 3964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:59:27.0593 3964 mnmdd - ok
05:59:27.0906 3964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:59:27.0906 3964 Modem - ok
05:59:28.0203 3964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:59:28.0421 3964 Mouclass - ok
05:59:28.0765 3964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:59:28.0890 3964 mouhid - ok
05:59:29.0187 3964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:59:29.0421 3964 MountMgr - ok
05:59:29.0578 3964 MpKsl1a01b551 - ok
05:59:29.0750 3964 MpKsl224ed0c5 - ok
05:59:29.0859 3964 MpKsl5587e3fd - ok
05:59:30.0015 3964 MpKsla0d6cefb - ok
05:59:30.0265 3964 MpKsladd0fc8c - ok
05:59:30.0406 3964 MpKslaf82b1fd - ok
05:59:30.0562 3964 MpKslec5a8081 - ok
05:59:30.0718 3964 MpKslede7594f - ok
05:59:30.0890 3964 mraid35x - ok
05:59:31.0125 3964 mrtRate - ok
05:59:31.0375 3964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:59:31.0421 3964 MRxDAV - ok
05:59:31.0656 3964 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:59:31.0750 3964 MRxSmb - ok
05:59:32.0000 3964 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
05:59:32.0171 3964 MSDV - ok
05:59:32.0390 3964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:59:32.0578 3964 Msfs - ok
05:59:32.0828 3964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:59:33.0062 3964 MSKSSRV - ok
05:59:33.0281 3964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:59:33.0531 3964 MSPCLOCK - ok
05:59:33.0812 3964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:59:34.0000 3964 MSPQM - ok
05:59:34.0250 3964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:59:34.0250 3964 mssmbios - ok
05:59:34.0453 3964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
05:59:34.0671 3964 MSTEE - ok
05:59:34.0890 3964 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:59:34.0937 3964 Mup - ok
05:59:35.0171 3964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:59:35.0375 3964 NABTSFEC - ok
05:59:35.0656 3964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:59:35.0890 3964 NDIS - ok
05:59:36.0171 3964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:59:36.0281 3964 NdisIP - ok
05:59:36.0578 3964 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:59:36.0609 3964 NdisTapi - ok
05:59:36.0875 3964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:59:36.0875 3964 Ndisuio - ok
05:59:37.0156 3964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:59:37.0421 3964 NdisWan - ok
05:59:37.0703 3964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:59:37.0734 3964 NDProxy - ok
05:59:38.0015 3964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:59:38.0281 3964 NetBIOS - ok
05:59:38.0546 3964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:59:38.0843 3964 NetBT - ok
05:59:39.0078 3964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:59:39.0296 3964 NIC1394 - ok
05:59:39.0593 3964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:59:39.0828 3964 Npfs - ok
05:59:40.0140 3964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:59:40.0546 3964 Ntfs - ok
05:59:40.0812 3964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:59:41.0046 3964 Null - ok
05:59:41.0484 3964 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:59:41.0812 3964 nv - ok
05:59:42.0093 3964 nv_agp (db36442c20793c53b4128eb85f9a3d32) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
05:59:42.0265 3964 nv_agp - ok
05:59:42.0531 3964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:59:42.0750 3964 NwlnkFlt - ok
05:59:43.0015 3964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:59:43.0203 3964 NwlnkFwd - ok
05:59:43.0468 3964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:59:43.0468 3964 ohci1394 - ok
05:59:43.0875 3964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:59:44.0046 3964 Parport - ok
05:59:44.0359 3964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:59:44.0546 3964 PartMgr - ok
05:59:44.0765 3964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:59:44.0781 3964 ParVdm - ok
05:59:44.0890 3964 PCDRDRV - ok
05:59:45.0156 3964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:59:45.0421 3964 PCI - ok
05:59:45.0609 3964 PCIDump - ok
05:59:45.0875 3964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:59:46.0093 3964 PCIIde - ok
05:59:46.0343 3964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:59:46.0546 3964 Pcmcia - ok
05:59:46.0890 3964 Pcouffin - ok
05:59:47.0109 3964 PDCOMP - ok
05:59:47.0359 3964 PDFRAME - ok
05:59:47.0578 3964 PDRELI - ok
05:59:47.0812 3964 PDRFRAME - ok
05:59:48.0156 3964 perc2 - ok
05:59:48.0375 3964 perc2hib - ok
05:59:48.0765 3964 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
05:59:48.0937 3964 pfc - ok
05:59:49.0203 3964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:59:49.0375 3964 PptpMiniport - ok
05:59:49.0687 3964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
05:59:49.0906 3964 Processor - ok
05:59:50.0140 3964 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
05:59:50.0312 3964 Ps2 - ok
05:59:50.0593 3964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:59:50.0765 3964 Ptilink - ok
05:59:51.0031 3964 pwd_2k (1729bcde0e2fdd3f2eb8474e6e83913a) C:\WINDOWS\system32\drivers\pwd_2k.sys
05:59:51.0265 3964 pwd_2k - ok
05:59:51.0593 3964 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
05:59:51.0796 3964 PxHelp20 - ok
05:59:51.0984 3964 ql1080 - ok
05:59:52.0171 3964 Ql10wnt - ok
05:59:52.0437 3964 ql12160 - ok
05:59:52.0625 3964 ql1240 - ok
05:59:52.0812 3964 ql1280 - ok
05:59:53.0046 3964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:59:53.0171 3964 RasAcd - ok
05:59:53.0437 3964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:59:53.0562 3964 Rasl2tp - ok
05:59:53.0812 3964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:59:53.0984 3964 RasPppoe - ok
05:59:54.0218 3964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:59:54.0343 3964 Raspti - ok
05:59:54.0609 3964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:59:54.0781 3964 Rdbss - ok
05:59:55.0046 3964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:59:55.0234 3964 RDPCDD - ok
05:59:55.0484 3964 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
05:59:55.0546 3964 RDPWD - ok
05:59:55.0750 3964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:59:55.0890 3964 redbook - ok
05:59:56.0390 3964 RTL8023xp (d05453b44f98f0e975a36081f4362be5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
05:59:56.0640 3964 RTL8023xp - ok
05:59:56.0875 3964 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
05:59:57.0109 3964 rtl8139 - ok
05:59:57.0687 3964 RTL8192su (fd0a03c5e862e3c0bcf4e9438d1878f4) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
05:59:58.0484 3964 RTL8192su - ok
05:59:58.0953 3964 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
05:59:59.0218 3964 S3Psddr - ok
05:59:59.0453 3964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:59:59.0500 3964 Secdrv - ok
05:59:59.0828 3964 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:59:59.0906 3964 Serenum - ok
06:00:00.0156 3964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:00:00.0281 3964 Serial - ok
06:00:00.0562 3964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:00:00.0765 3964 Sfloppy - ok
06:00:00.0968 3964 Simbad - ok
06:00:01.0234 3964 SiS315 (3b37b6cdd8ccc24f294b9914cc54dba0) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
06:00:01.0500 3964 SiS315 - ok
06:00:01.0687 3964 SISAGP (8dfbc5aa688caa1b7eebc704250fc06e) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
06:00:01.0843 3964 SISAGP - ok
06:00:02.0062 3964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:00:02.0218 3964 SLIP - ok
06:00:02.0437 3964 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
06:00:02.0562 3964 SmartDefragDriver - ok
06:00:02.0750 3964 Sparrow - ok
06:00:03.0000 3964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:00:03.0000 3964 splitter - ok
06:00:18.0718 3964 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
06:00:18.0734 3964 \Device\Harddisk0\DR0 - ok
06:00:18.0734 3964 Boot (0x1200) (6b62d1522010d249065d3fc41e311714) \Device\Harddisk0\DR0\Partition0
06:00:18.0734 3964 \Device\Harddisk0\DR0\Partition0 - ok
06:00:18.0765 3964 Boot (0x1200) (e42f0fe41340691d29b97155c5d48d34) \Device\Harddisk0\DR0\Partition1
06:00:18.0765 3964 \Device\Harddisk0\DR0\Partition1 - ok
06:00:18.0765 3964 ============================================================
06:00:18.0765 3964 Scan finished
06:00:18.0765 3964 ============================================================
06:00:18.0796 2776 Detected object count: 0
06:00:18.0796 2776 Actual detected object count: 0
06:00:55.0953 1568 Deinitialize success


Results of screen317's Security Check version 0.99.27
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Malwarebytes' Anti-Malware
HijackThis 2.0.2
AVG PC Tuneup 2011
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox ((3.6.13)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello sah_fb,

You have an old version of Spybot Search & Destroy. Up to you, but I would uninstall this. It might be part of the cause of your slow-performing computer. You can reinstall it later if you wish.

Now

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Next

  • Close all windows and open OTL again.
  • Under the Extra Registry heading, please check Use SafeList.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.
When you return, please post:
  • MBRCheck report
  • OTL logs OTL.txt and Extras.txt


#13
sah_fb

    Member

  • Topic Starter
  • 14 posts
Once again, many thanks for helping me out.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fd

Kernel Drivers (total 142):

Processes (total 43):
0 System Idle Process
4 System
440 C:\WINDOWS\system32\smss.exe
472 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
504 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
720 csrss.exe
744 C:\WINDOWS\system32\winlogon.exe
792 C:\WINDOWS\system32\services.exe
804 C:\WINDOWS\system32\lsass.exe
968 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\svchost.exe
1212 svchost.exe
1268 svchost.exe
1440 C:\WINDOWS\system32\spoolsv.exe
1692 C:\WINDOWS\explorer.exe
1804 svchost.exe
1876 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1928 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
1952 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
1984 C:\WINDOWS\system\hpsysdrv.exe
1992 C:\WINDOWS\system32\gearsec.exe
2008 C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
136 C:\hp\KBD\kbd.exe
132 C:\Program Files\Java\jre6\bin\jqs.exe
160 C:\Program Files\AVG\AVG2012\avgtray.exe
180 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
108 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
764 C:\WINDOWS\system32\nvsvc32.exe
976 C:\Program Files\Softex\OmniPass\omniServ.exe
1068 C:\WINDOWS\system32\HPZipm12.exe
1264 C:\WINDOWS\system32\svchost.exe
1496 C:\Program Files\AVG\AVG2012\avgnsx.exe
1636 C:\WINDOWS\system32\MsPMSPSv.exe
1756 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
1304 C:\WINDOWS\system32\wuauclt.exe
2876 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
2924 alg.exe
4080 C:\Program Files\Internet Explorer\iexplore.exe
1224 C:\Program Files\Internet Explorer\iexplore.exe
3744 C:\Program Files\Internet Explorer\iexplore.exe
3104 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`223ca000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3120025A, Rev: 4.06

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 52F361BC44BB87BE63C2F19360F552125A89E7DC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


OTL logfile created on: 11/18/2011 4:02:15 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 628.96 Mb Available Physical Memory | 61.46% Memory free
1.66 Gb Paging File | 1.28 Gb Available in Paging File | 77.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.25 Gb Total Space | 64.08 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.78 Gb Free Space | 17.33% Space Free | Partition Type: FAT32

Computer Name: OUR-COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 11:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/09/10 17:11:46 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2002/06/22 09:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2004/03/11 23:45:06 | 000,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2002/06/22 09:27:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (vmusb)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/02/09 11:53:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/09/10 17:11:46 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2002/11/14 10:09:14 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/09/17 05:00:28 | 000,599,936 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2008/12/02 06:05:34 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/02/17 05:49:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/27 16:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 16:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 16:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 16:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 16:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 16:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/12/12 18:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 21:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 21:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 00:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 09:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/17 09:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 17:22:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/20 05:02:38 | 000,000,000 | ---D | M]

[2011/01/01 11:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/29 07:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/01 11:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cukv1iy4.default\extensions\staged-xpis
[2011/02/16 19:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 19:49:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/16 19:49:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/16 19:49:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/11/17 21:52:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //rhapapp.real.com/ ([]rhap in Trusted sites)
O15 - HKCU\..Trusted Domains: listen.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: llnwd.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapapp] * in Trusted sites)
O15 - HKCU\..Trusted Domains: realone.com ([i] http in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0309.cab (YInstStarter Class)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.n...E_5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://ca.com/us/sec...an/pestscan.cab (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1138232800038 (MUWebControl Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...CAB?37884.38875 (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539600} http://fpdownload.ma...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} http://h20270.www2.h...cdetection3.cab (DeviceEnum Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0723644E-0885-4B83-ACEC-891E530A0F47}: DhcpNameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AABD55D-C086-4174-B1B7-9B0E22D5FEFC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67411ACD-F722-47C1-B76A-8B39717AF81B}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/10 00:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 22:22:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/17 19:59:33 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/11/17 19:52:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/17 19:52:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/17 19:52:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/17 19:52:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/17 19:51:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/17 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/17 19:33:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2011/11/17 19:27:59 | 004,299,372 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/11/17 09:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/17 09:16:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/17 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/17 07:34:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/16 12:21:12 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/11/13 11:28:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/10 17:49:19 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2011/11/10 17:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/09 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/09 19:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/11/08 21:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/11/08 21:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/08 21:00:06 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/08 18:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/11/08 18:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/08 18:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/08 18:28:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/11/08 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/08 15:24:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/11/08 15:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/08 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/08 11:39:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/11/07 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/07 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/11/07 18:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/07 17:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2011/11/07 16:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CzONyxA1uSoFpGs
[2011/11/07 16:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\konG4amH6W7E9Tq
[2011/11/07 16:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/07 16:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/07 16:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fjUCelIBtPyAiDo
[2011/11/07 16:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\oS1ibD3on4Q6W7R
[2011/11/07 15:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\t0ucS2ibFpaJdKf
[2011/11/07 15:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SBtxP0ucSi
[2011/10/29 12:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
[2011/10/29 12:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/10/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2005/02/06 08:09:39 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll

========== Files - Modified Within 30 Days ==========

[2011/11/18 15:59:42 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/11/18 15:53:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/18 15:52:21 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/11/18 15:52:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/18 15:50:28 | 110,078,497 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/18 15:48:20 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003UA.job
[2011/11/18 15:48:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3530927332-4033242662-3775010867-1003Core.job
[2011/11/18 06:05:48 | 000,879,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/11/17 21:52:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/17 19:54:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/17 19:28:10 | 004,299,372 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/11/17 09:16:33 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 12:21:12 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/11/16 09:01:41 | 000,004,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ab.csv
[2011/11/15 17:26:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/11/13 11:28:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/08 22:05:32 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/08 06:32:05 | 000,155,182 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/11/08 06:32:01 | 000,272,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/11/08 06:10:52 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/11/07 16:53:27 | 000,000,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/07 16:17:01 | 000,434,440 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111107-175717.backup
[2011/11/07 15:29:02 | 000,465,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 15:29:02 | 000,083,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/18 15:59:32 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/11/18 15:50:28 | 110,078,497 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/18 06:05:47 | 000,879,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/11/17 19:52:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/17 19:52:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/17 19:52:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/17 19:52:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/17 19:52:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/17 09:16:33 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 08:19:50 | 000,004,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ab.csv
[2011/11/08 06:32:05 | 000,155,182 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/11/08 06:32:01 | 000,272,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/11/08 06:10:52 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/11/07 16:52:57 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/11/07 16:33:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:53:26 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/27 16:53:26 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2009/09/15 05:13:15 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/07/08 18:44:10 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2009/07/08 18:44:10 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\4D05D6
[2009/05/18 16:54:48 | 000,000,267 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2008/07/18 11:35:45 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/18 11:35:42 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/18 11:35:42 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/18 11:35:41 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/18 11:35:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/13 07:18:42 | 000,091,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/09/02 19:22:53 | 000,003,155 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/28 16:45:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/28 14:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/06/14 07:41:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/05/05 09:24:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/25 07:15:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/20 07:42:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\dead_saver2.ini
[2006/11/20 07:41:54 | 000,000,098 | ---- | C] () -- C:\WINDOWS\dead_saver3.ini
[2006/11/18 17:58:02 | 000,000,195 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2006/11/18 17:58:02 | 000,000,112 | ---- | C] () -- C:\WINDOWS\dead_saver1.ini
[2006/10/08 14:47:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/03 09:40:04 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/17 06:05:25 | 000,000,479 | ---- | C] () -- C:\WINDOWS\T-Minus.INI
[2006/03/25 10:15:50 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/03/15 17:22:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/02/19 20:03:52 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2006/02/15 08:35:26 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/02/15 08:35:26 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/09/19 05:59:08 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/08/16 10:00:40 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\torrentspy.ini
[2005/07/16 07:59:10 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/07/16 07:59:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/07/16 07:59:09 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
[2005/07/14 17:43:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/07/14 17:26:11 | 000,104,305 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/07/14 17:26:11 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/06/14 18:53:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2005.ini
[2005/06/04 07:57:40 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2005/06/04 07:57:04 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2005/03/04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/03 17:20:31 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/03/01 17:45:41 | 000,241,084 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2005/03/01 14:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/23 20:39:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/23 20:39:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/23 20:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/23 20:39:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/23 20:39:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/23 20:39:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/23 20:38:36 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005/02/23 20:38:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/10/31 14:01:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/08 08:29:33 | 000,000,773 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2004/08/20 18:05:53 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/08/18 20:46:24 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/18 20:46:23 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/08/18 20:45:44 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/06/23 16:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/06/23 16:20:03 | 000,007,210 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/18 05:55:59 | 000,000,409 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/05/11 07:51:26 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2004/04/01 09:03:14 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/02/29 18:08:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/02/29 18:08:02 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/12/25 19:05:45 | 000,000,231 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/12/01 20:57:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/11/19 20:03:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2003/11/03 17:40:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/04 06:22:05 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/28 18:53:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/23 07:56:31 | 000,000,042 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2003/09/23 06:03:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/22 20:49:24 | 000,001,110 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/09/21 07:22:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2003/09/21 07:22:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2003/09/20 17:15:05 | 000,001,765 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/20 17:04:20 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2003/09/20 17:04:20 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2003/09/20 15:27:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2003/09/20 15:25:51 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2003/09/20 13:57:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/07 14:01:52 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/06/04 19:40:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/06/04 19:40:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/06/04 19:40:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/06/04 19:40:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/04 19:10:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/06/04 19:10:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/06/04 19:10:41 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/06/04 19:10:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/06/04 19:10:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/10 06:35:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 06:34:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/10 06:21:36 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 03:51:07 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 03:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 02:32:34 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 02:32:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 02:06:10 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 02:04:00 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/04/10 02:03:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 02:03:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 01:57:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 01:57:04 | 000,000,856 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 01:16:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 01:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/10 01:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/10 00:44:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 00:44:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 00:44:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 00:23:21 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 00:21:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 00:16:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/10 00:05:45 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 00:05:26 | 000,465,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 00:05:26 | 000,083,290 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/09 17:10:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/09 17:09:25 | 000,423,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 18:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 16:23:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ringtone.dll
[2003/01/13 13:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 10:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 10:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/17 23:45:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\MidiTran61v20.dll
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/25 13:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 13:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/14 20:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2001/05/28 11:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2001/05/09 01:40:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Translate.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

< End of report >


OTL Extras logfile created on: 11/18/2011 4:02:15 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 628.96 Mb Available Physical Memory | 61.46% Memory free
1.66 Gb Paging File | 1.28 Gb Available in Paging File | 77.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.25 Gb Total Space | 64.08 Gb Free Space | 59.75% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.78 Gb Free Space | 17.33% Space Free | Partition Type: FAT32

Computer Name: OUR-COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"12118:TCP" = 12118:TCP:*:Disabled:BitComet 12118 TCP
"12118:UDP" = 12118:UDP:*:Disabled:BitComet 12118 UDP
"13394:TCP" = 13394:TCP:*:Disabled:BitComet 13394 TCP
"13394:UDP" = 13394:UDP:*:Disabled:BitComet 13394 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\InterVideo\DVD6\WinDVD.exe" = C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{23C3A68E-881B-4CF4-B051-C9F599ED3C10}" = LightScribe Diagnostic Utility
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2492AE96-F681-4922-B5EB-3045B03BEC12}" = calibre
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}" = HP Memories Disc
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3FB8348A-CAF2-4B8D-B663-A0D76B26B611}" = iTunes
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43814423-7F14-4F42-85B8-029C2FB72729}" = Eudora
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}" = HP Photo and Imaging 1.2 - Photosmart Cameras
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{9E88DAA4-1352-4272-BA3A-897668408400}" = HP Photosmart printers preloaded drivers
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C9EFFC51-6D72-4681-A0D1-9A452D033F61}" = HP Driver Diagnostics
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEE0F0A7-6B7D-4D1E-9498-43D9D012DDF7}" = Windows Media Format 9 Series SDK
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0.8 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ArcSoft Software Suite" = ArcSoft Picture Software
"AVG" = AVG 2012
"BackWeb-137903 Uninstaller" = Updates from HP
"Belarc Advisor 2.0" = Belarc Advisor 7.1
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Exact Audio Copy_is1" = Exact Audio Copy v0.9 beta 4
"FLAC" = FLAC Installer 1.1.0k (remove only)
"HijackThis" = HijackThis 2.0.2
"hp instant support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 4.2
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PIXresizer_is1" = PIXresizer 1.0.9
"PremElem40" = Adobe Premiere Elements 4.0
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Shockwave" = Shockwave
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Snood_is1" = Snood for Windows version 3.52-W
"The Psychedelic Bus of Dead Knowledge" = The Psychedelic Bus of Dead Knowledge
"Unlocker" = Unlocker 1.8.6
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2010 7:11:30 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 7:12:18 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 7:13:09 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 7:13:38 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 7:14:23 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2010 4:27:15 PM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/25/2010 11:10:23 PM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2010 6:31:53 AM | Computer Name = OUR-COMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/30/2010 5:37:36 PM | Computer Name = OUR-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 3.2.3.2, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 10/2/2010 7:43:03 AM | Computer Name = OUR-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 1.8.1.12639, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/18/2011 4:41:24 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/18/2011 4:41:24 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/18/2011 4:41:24 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 11/18/2011 4:41:38 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp Lbd szkg5 szkgfs

Error - 11/18/2011 4:52:42 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7000
Description = The Genesys Logic USB Scanner Controller NT 5.0 service failed to
start due to the following error: %%2

Error - 11/18/2011 4:52:42 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 11/18/2011 4:52:42 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 11/18/2011 4:52:42 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 11/18/2011 4:52:42 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7023
Description = The USB Device Service service terminated with the following error:
%%126

Error - 11/18/2011 4:52:57 PM | Computer Name = OUR-COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdr4_xp Lbd szkg5 szkgfs


< End of report >

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello sah_fb,

Viewpoint Manager is considered foistware instead of malware since it is mostly installed without users' approval. This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

Up to you, but I recommend removal of this program. Click on Start > Control Panel > Add or Remove Programs and uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Now

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Next

MBRCheck returned with "Unknown MBR Code". This could indicate an infection although in your case I am thinking it might be showing that because of the infection that ComboFix found and fixed earlier.

Let's do this for our peace of mind though:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it. At this stage say no to the offer to download AVAST.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#15
sah_fb

    Member

  • Topic Starter
  • Member
  • 14 posts
I downloaded Java for Windows and installed it.
However, there were no other versions or updates
showing in the control panel. Version on system is
6.0.290.

asw scan completed and it created
a nero showtime file MBR on the desktop as
well as the log that is posted below


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 18:48:51
-----------------------------
18:48:51.250 OS Version: Windows 5.1.2600 Service Pack 3
18:48:51.250 Number of processors: 2 586 0x209
18:48:51.250 ComputerName: OUR-COMPUTER UserName: Owner
18:48:52.046 Initialize success
18:49:15.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:49:15.328 Disk 0 Vendor: ST3120025A 4.06 Size: 114473MB BusType: 3
18:49:17.359 Disk 0 MBR read successfully
18:49:17.359 Disk 0 MBR scan
18:49:17.359 Disk 0 unknown MBR code
18:49:17.359 Disk 0 scanning sectors +234420480
18:49:17.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:49:43.359 Service scanning
18:49:45.281 Modules scanning
18:50:27.062 Disk 0 trace - called modules:
18:50:27.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:50:27.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87760ab8]
18:50:27.078 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000070[0x87768510]
18:50:27.093 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87792940]
18:50:27.109 Scan finished successfully
18:54:45.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:54:45.359 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"