Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32/kryptik & heur infection [Closed]

Started by alohagirl , Dec 27 2011 02:04 AM

  • This topic is locked This topic is locked

#1
alohagirl
Posted 27 December 2011 - 02:04 AM

alohagirl

    Member

  • Member
  • PipPip
  • 10 posts
I had an AVG warning window asking me to quarantine this win32/Kryptik virus, a couple of weeks prior AVG caught win32/heur. I didn't think much of it and simply clicked 'move to vault'.

Unfortunately, this caused major chaos and mayhem and I was unable to start ANY .exe applications or browsers anymore. :-( I couldn't even launch my malware and antivirus programs to scan again or use a browser to download removal tools.

Thankfully I was able to get back .exe apps and browsers with your exehelper.com.

I would like help removing the virus though.

Mahalo
  • 0

Advertisements

#2
michaelg9
Posted 30 December 2011 - 01:54 PM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi Mahalo
:welcome: . I'm Michael and I'm going to help you fix your computer :)

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Do you remember the name of the file found by AVG?

Can you post the exehelper log? It should be located in the same folder with exehelper program



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :thumbsup:


Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Next:


Posted Image OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.

  • 0

#3
alohagirl
Posted 31 December 2011 - 12:26 AM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha Michael,Thank you for your help. I am posting the logs you asked for and also a snapshot of my AVG virus vault. When trying to attach MBR.zip on here I get the error msg "You aren't permitted to upload this kind of file", any suggestions on how to get it to you?

avg.jpg

exeHelper by Raktor
Build 20100414
Run at 00:17:38 on 12/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 17:39:49
-----------------------------
17:39:49.843 OS Version: Windows 5.1.2600 Service Pack 3
17:39:49.843 Number of processors: 2 586 0x401
17:39:49.843 ComputerName: MTVIEW UserName:
17:39:51.234 Initialize success
17:43:04.843 AVAST engine defs: 11123001
17:43:44.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:43:44.640 Disk 0 Vendor: WDC_WD2000JB-22GVC0 08.02D08 Size: 190781MB BusType: 3
17:43:44.656 Disk 0 MBR read successfully
17:43:44.656 Disk 0 MBR scan
17:43:44.687 Disk 0 Windows XP default MBR code
17:43:44.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 94264 MB offset 63
17:43:44.687 Disk 0 Partition - 00 0F Extended LBA 96515 MB offset 193053105
17:43:44.718 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 92546 MB offset 193053168
17:43:44.718 Disk 0 Partition - 00 05 Extended 3969 MB offset 382587975
17:43:44.750 Disk 0 scanning sectors +390716865
17:43:44.796 Disk 0 scanning C:\WINDOWS\system32\drivers
17:43:55.250 Service scanning
17:43:56.468 Modules scanning
17:44:02.281 Disk 0 trace - called modules:
17:44:02.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
17:44:02.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afa2ab8]
17:44:02.312 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8af4da98]
17:44:02.312 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af49940]
17:44:02.968 AVAST engine scan C:\WINDOWS
17:44:08.703 AVAST engine scan C:\WINDOWS\system32
17:45:59.046 AVAST engine scan C:\WINDOWS\system32\drivers
17:46:12.906 AVAST engine scan C:\Documents and Settings\elizabeth
18:50:11.828 AVAST engine scan C:\Documents and Settings\All Users
18:53:53.875 Scan finished successfully
19:04:38.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\elizabeth\Desktop\MBR.dat"
19:04:38.453 The log file has been saved successfully to "C:\Documents and Settings\elizabeth\Desktop\aswMBR.txt"


19:12:30.0515 6204 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:12:31.0234 6204 ============================================================
19:12:31.0234 6204 Current date / time: 2011/12/30 19:12:31.0234
19:12:31.0234 6204 SystemInfo:
19:12:31.0234 6204
19:12:31.0234 6204 OS Version: 5.1.2600 ServicePack: 3.0
19:12:31.0234 6204 Product type: Workstation
19:12:31.0234 6204 ComputerName: MTVIEW
19:12:31.0234 6204 UserName: elizabeth
19:12:31.0234 6204 Windows directory: C:\WINDOWS
19:12:31.0234 6204 System windows directory: C:\WINDOWS
19:12:31.0234 6204 Processor architecture: Intel x86
19:12:31.0234 6204 Number of processors: 2
19:12:31.0234 6204 Page size: 0x1000
19:12:31.0234 6204 Boot type: Normal boot
19:12:31.0234 6204 ============================================================
19:12:32.0468 6204 Initialize success
19:15:03.0593 7736 ============================================================
19:15:03.0593 7736 Scan started
19:15:03.0593 7736 Mode: Manual; SigCheck; TDLFS;
19:15:03.0593 7736 ============================================================
19:15:05.0000 7736 Abiosdsk - ok
19:15:05.0031 7736 abp480n5 - ok
19:15:05.0093 7736 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:15:05.0453 7736 ACPI - ok
19:15:05.0500 7736 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:15:05.0734 7736 ACPIEC - ok
19:15:05.0812 7736 adpu160m - ok
19:15:05.0859 7736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:15:06.0015 7736 aec - ok
19:15:06.0062 7736 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
19:15:06.0140 7736 AFD - ok
19:15:06.0156 7736 Aha154x - ok
19:15:06.0187 7736 aic78u2 - ok
19:15:06.0218 7736 aic78xx - ok
19:15:06.0250 7736 AliIde - ok
19:15:06.0343 7736 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:15:06.0515 7736 Ambfilt - ok
19:15:06.0546 7736 amsint - ok
19:15:06.0578 7736 asc - ok
19:15:06.0609 7736 asc3350p - ok
19:15:06.0625 7736 asc3550 - ok
19:15:06.0703 7736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:15:06.0843 7736 AsyncMac - ok
19:15:06.0875 7736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:15:07.0015 7736 atapi - ok
19:15:07.0046 7736 Atdisk - ok
19:15:07.0093 7736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:15:07.0218 7736 Atmarpc - ok
19:15:07.0265 7736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:15:07.0390 7736 audstub - ok
19:15:07.0484 7736 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:15:07.0531 7736 AVGIDSDriver - ok
19:15:07.0562 7736 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:15:07.0578 7736 AVGIDSEH - ok
19:15:07.0625 7736 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:15:07.0625 7736 AVGIDSFilter - ok
19:15:07.0656 7736 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:15:07.0671 7736 AVGIDSShim - ok
19:15:07.0718 7736 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:15:07.0734 7736 Avgldx86 - ok
19:15:07.0765 7736 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:15:07.0781 7736 Avgmfx86 - ok
19:15:07.0812 7736 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:15:07.0828 7736 Avgrkx86 - ok
19:15:07.0875 7736 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:15:07.0890 7736 Avgtdix - ok
19:15:07.0953 7736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:15:08.0093 7736 Beep - ok
19:15:08.0140 7736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:15:08.0296 7736 cbidf2k - ok
19:15:08.0312 7736 cd20xrnt - ok
19:15:08.0343 7736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:15:08.0484 7736 Cdaudio - ok
19:15:08.0531 7736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:15:08.0671 7736 Cdfs - ok
19:15:08.0718 7736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:15:08.0859 7736 Cdrom - ok
19:15:08.0890 7736 Changer - ok
19:15:08.0937 7736 CmdIde - ok
19:15:08.0984 7736 Cpqarray - ok
19:15:09.0046 7736 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:15:09.0062 7736 cpudrv - ok
19:15:09.0093 7736 dac2w2k - ok
19:15:09.0140 7736 dac960nt - ok
19:15:09.0171 7736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:15:09.0328 7736 Disk - ok
19:15:09.0406 7736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:15:09.0593 7736 dmboot - ok
19:15:09.0640 7736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:15:09.0781 7736 dmio - ok
19:15:09.0812 7736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:15:09.0937 7736 dmload - ok
19:15:10.0000 7736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:15:10.0140 7736 DMusic - ok
19:15:10.0171 7736 dpti2o - ok
19:15:10.0218 7736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:15:10.0343 7736 drmkaud - ok
19:15:10.0406 7736 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:15:10.0468 7736 E100B - ok
19:15:10.0515 7736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:15:10.0656 7736 Fastfat - ok
19:15:10.0703 7736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:15:10.0843 7736 Fdc - ok
19:15:10.0906 7736 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
19:15:11.0031 7736 FETNDIS - ok
19:15:11.0078 7736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:15:11.0234 7736 Fips - ok
19:15:11.0281 7736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:15:11.0421 7736 Flpydisk - ok
19:15:11.0468 7736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:15:11.0609 7736 FltMgr - ok
19:15:11.0640 7736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:15:11.0765 7736 Fs_Rec - ok
19:15:11.0812 7736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:15:11.0953 7736 Ftdisk - ok
19:15:12.0000 7736 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:15:12.0140 7736 gameenum - ok
19:15:12.0171 7736 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:15:12.0203 7736 giveio ( UnsignedFile.Multi.Generic ) - warning
19:15:12.0203 7736 giveio - detected UnsignedFile.Multi.Generic (1)
19:15:12.0234 7736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:15:12.0375 7736 Gpc - ok
19:15:12.0453 7736 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:15:12.0593 7736 HDAudBus - ok
19:15:12.0625 7736 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:15:12.0765 7736 hidusb - ok
19:15:12.0796 7736 hpn - ok
19:15:12.0859 7736 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:15:12.0984 7736 HPZid412 - ok
19:15:13.0015 7736 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:15:13.0093 7736 HPZipr12 - ok
19:15:13.0140 7736 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:15:13.0203 7736 HPZius12 - ok
19:15:13.0265 7736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:15:13.0312 7736 HTTP - ok
19:15:13.0343 7736 i2omgmt - ok
19:15:13.0375 7736 i2omp - ok
19:15:13.0421 7736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:15:13.0562 7736 i8042prt - ok
19:15:13.0609 7736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:15:13.0734 7736 Imapi - ok
19:15:13.0765 7736 ini910u - ok
19:15:14.0031 7736 IntcAzAudAddService (e2c822adacfa7b2e788e675d9309bd18) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:15:14.0468 7736 IntcAzAudAddService - ok
19:15:14.0515 7736 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:15:14.0640 7736 IntelIde - ok
19:15:14.0687 7736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:15:14.0812 7736 intelppm - ok
19:15:14.0859 7736 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:15:14.0984 7736 ip6fw - ok
19:15:15.0031 7736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:15:15.0171 7736 IpFilterDriver - ok
19:15:15.0218 7736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:15:15.0359 7736 IpInIp - ok
19:15:15.0390 7736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:15:15.0515 7736 IpNat - ok
19:15:15.0546 7736 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:15:15.0687 7736 IPSec - ok
19:15:15.0718 7736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:15:15.0843 7736 IRENUM - ok
19:15:15.0890 7736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:15:16.0015 7736 isapnp - ok
19:15:16.0062 7736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:15:16.0218 7736 Kbdclass - ok
19:15:16.0281 7736 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:15:16.0406 7736 kbdhid - ok
19:15:16.0468 7736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:15:16.0593 7736 kmixer - ok
19:15:16.0671 7736 KProcessHacker2 (42868dcfd4ad0b089a65ff51bc2a6578) C:\Program Files\Process Hacker 2\kprocesshacker.sys
19:15:16.0687 7736 KProcessHacker2 - ok
19:15:16.0734 7736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:15:16.0765 7736 KSecDD - ok
19:15:16.0828 7736 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:15:16.0843 7736 Lbd - ok
19:15:16.0890 7736 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
19:15:16.0906 7736 LBeepKE - ok
19:15:16.0921 7736 lbrtfdc - ok
19:15:16.0984 7736 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
19:15:16.0984 7736 LHidFilt - ok
19:15:17.0031 7736 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:15:17.0046 7736 LMouFilt - ok
19:15:17.0078 7736 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
19:15:17.0109 7736 MBAMProtector - ok
19:15:17.0140 7736 MBAMSwissArmy - ok
19:15:17.0187 7736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:15:17.0328 7736 mnmdd - ok
19:15:17.0375 7736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:15:17.0515 7736 Modem - ok
19:15:17.0625 7736 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
19:15:17.0765 7736 Monfilt - ok
19:15:17.0812 7736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:15:17.0953 7736 Mouclass - ok
19:15:17.0984 7736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:15:18.0140 7736 mouhid - ok
19:15:18.0171 7736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:15:18.0296 7736 MountMgr - ok
19:15:18.0312 7736 mraid35x - ok
19:15:18.0359 7736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:15:18.0484 7736 MRxDAV - ok
19:15:18.0546 7736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:15:18.0625 7736 MRxSmb - ok
19:15:18.0671 7736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:15:18.0796 7736 Msfs - ok
19:15:18.0859 7736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:15:18.0984 7736 MSKSSRV - ok
19:15:19.0015 7736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:15:19.0156 7736 MSPCLOCK - ok
19:15:19.0203 7736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:15:19.0312 7736 MSPQM - ok
19:15:19.0375 7736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:15:19.0500 7736 mssmbios - ok
19:15:19.0546 7736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:15:19.0578 7736 Mup - ok
19:15:19.0625 7736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:15:19.0765 7736 NDIS - ok
19:15:19.0812 7736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:15:19.0843 7736 NdisTapi - ok
19:15:19.0875 7736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:15:20.0015 7736 Ndisuio - ok
19:15:20.0046 7736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:15:20.0187 7736 NdisWan - ok
19:15:20.0234 7736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:15:20.0265 7736 NDProxy - ok
19:15:20.0312 7736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:15:20.0437 7736 NetBIOS - ok
19:15:20.0468 7736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:15:20.0609 7736 NetBT - ok
19:15:20.0671 7736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:15:20.0796 7736 Npfs - ok
19:15:20.0859 7736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:15:21.0015 7736 Ntfs - ok
19:15:21.0093 7736 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:15:21.0109 7736 NuidFltr - ok
19:15:21.0156 7736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:15:21.0281 7736 Null - ok
19:15:21.0718 7736 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:15:22.0515 7736 nv - ok
19:15:22.0578 7736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:15:22.0703 7736 NwlnkFlt - ok
19:15:22.0750 7736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:15:22.0875 7736 NwlnkFwd - ok
19:15:22.0937 7736 osaio (d739622cdf40fb4297213ea62a05119a) C:\WINDOWS\system32\drivers\osaio.sys
19:15:22.0937 7736 osaio ( UnsignedFile.Multi.Generic ) - warning
19:15:22.0937 7736 osaio - detected UnsignedFile.Multi.Generic (1)
19:15:23.0015 7736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:15:23.0140 7736 Parport - ok
19:15:23.0187 7736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:15:23.0296 7736 PartMgr - ok
19:15:23.0359 7736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:15:23.0484 7736 ParVdm - ok
19:15:23.0515 7736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:15:23.0640 7736 PCI - ok
19:15:23.0671 7736 PCIDump - ok
19:15:23.0703 7736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:15:23.0843 7736 PCIIde - ok
19:15:23.0890 7736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:15:24.0031 7736 Pcmcia - ok
19:15:24.0046 7736 PDCOMP - ok
19:15:24.0078 7736 PDFRAME - ok
19:15:24.0109 7736 PDRELI - ok
19:15:24.0140 7736 PDRFRAME - ok
19:15:24.0156 7736 perc2 - ok
19:15:24.0187 7736 perc2hib - ok
19:15:24.0250 7736 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
19:15:24.0265 7736 pfc ( UnsignedFile.Multi.Generic ) - warning
19:15:24.0265 7736 pfc - detected UnsignedFile.Multi.Generic (1)
19:15:24.0312 7736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:15:24.0453 7736 PptpMiniport - ok
19:15:24.0484 7736 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:15:24.0609 7736 Processor - ok
19:15:24.0640 7736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:15:24.0765 7736 PSched - ok
19:15:24.0812 7736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:15:24.0953 7736 Ptilink - ok
19:15:25.0015 7736 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:15:25.0031 7736 PxHelp20 - ok
19:15:25.0046 7736 ql1080 - ok
19:15:25.0078 7736 Ql10wnt - ok
19:15:25.0109 7736 ql12160 - ok
19:15:25.0140 7736 ql1240 - ok
19:15:25.0156 7736 ql1280 - ok
19:15:25.0203 7736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:15:25.0328 7736 RasAcd - ok
19:15:25.0375 7736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:15:25.0500 7736 Rasl2tp - ok
19:15:25.0531 7736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:15:25.0671 7736 RasPppoe - ok
19:15:25.0687 7736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:15:25.0812 7736 Raspti - ok
19:15:25.0859 7736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:15:25.0984 7736 Rdbss - ok
19:15:26.0015 7736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:15:26.0140 7736 RDPCDD - ok
19:15:26.0203 7736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:15:26.0328 7736 rdpdr - ok
19:15:26.0390 7736 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:15:26.0437 7736 RDPWD - ok
19:15:26.0484 7736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:15:26.0609 7736 redbook - ok
19:15:26.0687 7736 RTLE8023xp (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:15:26.0734 7736 RTLE8023xp - ok
19:15:26.0796 7736 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
19:15:26.0937 7736 S3SavageNB - ok
19:15:27.0000 7736 SABProcEnum - ok
19:15:27.0046 7736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:15:27.0171 7736 Secdrv - ok
19:15:27.0234 7736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:15:27.0343 7736 serenum - ok
19:15:27.0375 7736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:15:27.0515 7736 Serial - ok
19:15:27.0578 7736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:15:27.0703 7736 Sfloppy - ok
19:15:27.0734 7736 Simbad - ok
19:15:27.0781 7736 SIODRV (6fbba21e5ad173ecad3144ddff3a89bf) C:\WINDOWS\system32\drivers\SIODRV.SYS
19:15:27.0796 7736 SIODRV ( UnsignedFile.Multi.Generic ) - warning
19:15:27.0796 7736 SIODRV - detected UnsignedFile.Multi.Generic (1)
19:15:27.0859 7736 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
19:15:27.0859 7736 SMBios ( UnsignedFile.Multi.Generic ) - warning
19:15:27.0859 7736 SMBios - detected UnsignedFile.Multi.Generic (1)
19:15:27.0890 7736 smbusp (ba312455863f88757ccc5091d3b5c9db) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
19:15:27.0906 7736 smbusp ( UnsignedFile.Multi.Generic ) - warning
19:15:27.0906 7736 smbusp - detected UnsignedFile.Multi.Generic (1)
19:15:27.0937 7736 Sparrow - ok
19:15:27.0984 7736 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
19:15:28.0000 7736 speedfan ( UnsignedFile.Multi.Generic ) - warning
19:15:28.0000 7736 speedfan - detected UnsignedFile.Multi.Generic (1)
19:15:28.0062 7736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:15:28.0187 7736 splitter - ok
19:15:28.0250 7736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:15:28.0390 7736 sr - ok
19:15:28.0453 7736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:15:28.0515 7736 Srv - ok
19:15:28.0562 7736 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
19:15:28.0578 7736 StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:15:28.0578 7736 StarOpen - detected UnsignedFile.Multi.Generic (1)
19:15:28.0625 7736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:15:28.0750 7736 swenum - ok
19:15:28.0781 7736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:15:28.0906 7736 swmidi - ok
19:15:28.0937 7736 symc810 - ok
19:15:28.0968 7736 symc8xx - ok
19:15:29.0000 7736 sym_hi - ok
19:15:29.0031 7736 sym_u3 - ok
19:15:29.0078 7736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:15:29.0203 7736 sysaudio - ok
19:15:29.0265 7736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:15:29.0359 7736 Tcpip - ok
19:15:29.0390 7736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:15:29.0531 7736 TDPIPE - ok
19:15:29.0578 7736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:15:29.0703 7736 TDTCP - ok
19:15:29.0750 7736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:15:29.0875 7736 TermDD - ok
19:15:29.0921 7736 TosIde - ok
19:15:29.0968 7736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:15:30.0093 7736 Udfs - ok
19:15:30.0125 7736 ultra - ok
19:15:30.0203 7736 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Program Files\Unlocker\UnlockerDriver5.sys
19:15:30.0203 7736 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
19:15:30.0203 7736 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
19:15:30.0281 7736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:15:30.0421 7736 Update - ok
19:15:30.0500 7736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:15:30.0625 7736 usbccgp - ok
19:15:30.0656 7736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:15:30.0796 7736 usbehci - ok
19:15:30.0859 7736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:15:30.0984 7736 usbhub - ok
19:15:31.0015 7736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:15:31.0140 7736 usbprint - ok
19:15:31.0187 7736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:15:31.0312 7736 usbscan - ok
19:15:31.0359 7736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:15:31.0500 7736 USBSTOR - ok
19:15:31.0531 7736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:15:31.0656 7736 usbuhci - ok
19:15:31.0687 7736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:15:31.0812 7736 VgaSave - ok
19:15:31.0875 7736 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:15:32.0000 7736 viaagp - ok
19:15:32.0046 7736 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:15:32.0187 7736 ViaIde - ok
19:15:32.0234 7736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:15:32.0359 7736 VolSnap - ok
19:15:32.0406 7736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:15:32.0546 7736 Wanarp - ok
19:15:32.0609 7736 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:15:32.0656 7736 Wdf01000 - ok
19:15:32.0687 7736 WDICA - ok
19:15:32.0734 7736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:15:32.0875 7736 wdmaud - ok
19:15:32.0984 7736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:15:33.0187 7736 \Device\Harddisk0\DR0 - ok
19:15:33.0187 7736 Boot (0x1200) (e3588141bc4d29a7e43b4df931286dc4) \Device\Harddisk0\DR0\Partition0
19:15:33.0187 7736 \Device\Harddisk0\DR0\Partition0 - ok
19:15:33.0203 7736 Boot (0x1200) (3ea4add835ea006953ff365fcbe84512) \Device\Harddisk0\DR0\Partition1
19:15:33.0203 7736 \Device\Harddisk0\DR0\Partition1 - ok
19:15:33.0203 7736 ============================================================
19:15:33.0203 7736 Scan finished
19:15:33.0203 7736 ============================================================
19:15:33.0328 4924 Detected object count: 9
19:15:33.0328 4924 Actual detected object count: 9
19:17:46.0343 4924 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0343 4924 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0343 4924 osaio ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0343 4924 osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0343 4924 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0343 4924 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0343 4924 SIODRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0343 4924 SIODRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0359 4924 SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0359 4924 SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0359 4924 smbusp ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0359 4924 smbusp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0359 4924 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0359 4924 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0359 4924 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0359 4924 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:46.0359 4924 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:46.0359 4924 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:21:41.0453 2456 Deinitialize success

OTL logfile created on: 12/30/2011 7:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.29% Memory free
5.40 Gb Paging File | 4.37 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.05 Gb Total Space | 24.90 Gb Free Space | 27.05% Space Free | Partition Type: NTFS
Drive E: | 90.38 Gb Total Space | 13.61 Gb Free Space | 15.05% Space Free | Partition Type: NTFS

Computer Name: MTVIEW | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/25 23:37:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 23:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- C:\Program Files\IE New Window Maximizer\iemaximizer.exe
PRC - [2004/06/11 16:04:32 | 001,226,752 | ---- | M] (OSA Technologies, Inc.) -- C:\Program Files\Intel\IDU\iptray.exe
PRC - [2004/06/10 16:57:56 | 001,246,720 | ---- | M] (OSA Technologies, Inc.) -- C:\Program Files\Intel\IDU\IDUServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 09:46:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/10/16 22:16:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/10/16 22:14:16 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/10/16 22:14:06 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/10/16 22:13:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/10/16 22:12:29 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\bbcb0d5e67db5452b3ba77fd71ea182d\System.Xml.ni.dll
MOD - [2011/10/16 22:12:18 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\adeec723413d77446d6606813c050048\System.Configuration.ni.dll
MOD - [2011/10/16 22:11:50 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\b13a0678a604588bfb6a4ebfadc32cb0\System.ni.dll
MOD - [2011/10/16 22:09:26 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/08 16:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Program Files\Intel\IDU\ServiceControl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/06/10 16:57:56 | 001,246,720 | ---- | M] (OSA Technologies, Inc.) [On_Demand | Running] -- C:\Program Files\Intel\IDU\IDUServ.exe -- (iHCService) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/25 16:31:50 | 000,033,352 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/02 23:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/24 07:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 07:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 07:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/01/02 18:33:19 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/22 02:06:00 | 000,130,688 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/17 16:55:54 | 005,026,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/24 03:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/06/01 15:28:50 | 000,010,386 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/11 23:10:22 | 000,021,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [1996/04/03 09:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 166.205.137.32:80

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.ftp: "166.205.137.32"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "166.205.137.32"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "166.205.137.32"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "166.205.137.32"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 08:05:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 11:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 22:23:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\elizabeth\Application Data\Move Networks [2010/01/02 18:02:37 | 000,000,000 | ---D | M]

[2011/04/14 17:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth\Application Data\Mozilla\Extensions
[2011/10/01 13:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth\Application Data\Mozilla\Firefox\Profiles\8zfu0la0.default\extensions
[2011/12/26 09:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 13:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/12/26 09:15:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ELIZABETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZFU0LA0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/22 08:05:25 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/04/01 15:48:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/22 13:50:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/02 20:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 16:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/09/02 13:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2003/03/30 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe (OSA Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-515967899-1425521274-725345543-1003..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)
O4 - HKU\S-1-5-21-515967899-1425521274-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/...msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280432097921 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DAA7CCB-42B1-4A51-978E-AC400707C003}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C52C2F3-4426-4A2A-813F-69AC54E5DB0C}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF54D39-1A99-481D-B43D-9EA5A3B7121C}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/30 14:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell - "" = AutoRun
O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ff9d4416-7e31-11de-b0e9-00241d243982}\Shell\AutoRun\command - "" = R:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-515967899-1425521274-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{b5f15cbd-370a-4244-8f42-14cba2eb4e2c} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 17:33:21 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\elizabeth\Desktop\tdsskiller.exe
[2011/12/30 17:32:37 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\elizabeth\Desktop\aswMBR.exe
[2011/12/29 16:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2011/12/29 16:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011/12/29 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/12/26 09:15:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/26 09:15:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/26 09:15:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/26 00:21:04 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\elizabeth\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/25 23:37:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
[2011/12/25 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\HiJack This
[2011/12/24 16:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\washer
[2011/12/22 12:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Application Data\YoudaGames
[2011/12/22 12:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Youdagames
[2011/12/22 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker 2 Standard Edition
[2011/12/21 13:49:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\elizabeth\Recent
[2011/12/12 22:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\meditation
[2011/12/12 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\FTR
[2011/12/09 12:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\Harry
[2011/12/06 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Start Menu\Programs\HiJackThis
[2011/12/06 13:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\win32
[2011/12/05 00:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/12/05 00:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Graphics Related Programs
[2011/12/04 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 19:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 19:04:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.dat
[2011/12/30 18:36:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003UA.job
[2011/12/30 17:33:30 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\elizabeth\Desktop\tdsskiller.exe
[2011/12/30 17:32:37 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\elizabeth\Desktop\aswMBR.exe
[2011/12/30 17:28:53 | 000,095,253 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\avg.jpg
[2011/12/30 17:28:53 | 000,012,729 | ---- | M] () -- C:\Documents and Settings\elizabeth\.recently-used.xbel
[2011/12/30 17:11:37 | 141,840,842 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/30 10:36:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003Core.job
[2011/12/29 23:31:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 16:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/27 17:10:21 | 000,315,492 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/26 09:08:15 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 09:07:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 00:22:30 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/26 00:21:17 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\elizabeth\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/26 00:16:34 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\exeHelper.com
[2011/12/25 23:37:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
[2011/12/25 11:01:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rundll32.exe
[2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/22 12:34:49 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Youda Games.url
[2011/12/19 14:53:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/18 09:57:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2011/12/05 00:15:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/04 23:32:39 | 000,243,200 | ---- | M] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 19:04:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.dat
[2011/12/30 17:28:53 | 000,095,253 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\avg.jpg
[2011/12/30 17:28:53 | 000,012,729 | ---- | C] () -- C:\Documents and Settings\elizabeth\.recently-used.xbel
[2011/12/26 00:22:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/26 00:16:34 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\exeHelper.com
[2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
[2011/12/22 12:34:49 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Youda Games.url
[2011/12/19 14:53:50 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/12 09:57:59 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2011/12/05 00:15:03 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/05 00:10:18 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoPad Image Editor.lnk
[2011/09/28 15:32:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdPrint.INI
[2011/08/29 01:33:57 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/08/27 10:39:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\IS-2D0CV.EXE
[2011/08/26 22:17:53 | 000,505,843 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1425521274-725345543-1003-0.dat
[2011/08/26 22:17:46 | 000,316,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/13 09:42:08 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/06/22 19:30:30 | 000,000,862 | ---- | C] () -- C:\WINDOWS\posteriza.INI
[2011/06/13 16:41:38 | 000,000,304 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011/03/25 15:34:58 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/25 15:34:53 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/25 15:34:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/25 15:34:40 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/29 21:19:21 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/01 18:01:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/11/01 18:01:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/07/18 14:20:04 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/23 06:36:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2010/03/23 17:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/03/10 18:01:43 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/03/10 13:38:18 | 000,000,503 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010/02/01 10:16:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 12:58:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/13 12:58:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\Plug-Ins
[2010/01/13 01:22:29 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/13 01:22:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/13 01:22:25 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/13 01:22:25 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/13 01:22:22 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/06 14:48:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/01/03 11:52:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/03 11:52:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/03 11:47:30 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/01/02 18:34:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2009/09/05 11:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/28 18:06:27 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MaxLink.ini
[2009/08/28 18:05:55 | 000,047,616 | ---- | C] () -- C:\WINDOWS\unscan40.exe
[2009/07/05 15:10:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/01 11:48:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/06/26 19:14:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\PFP120JPR.{PB
[2009/06/26 19:14:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\PFP120JCM.{PB
[2009/06/02 10:28:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/01 15:48:45 | 000,243,200 | ---- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/30 15:50:38 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/05/30 14:22:12 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/05/30 14:04:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/30 14:00:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/30 03:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/30 03:23:54 | 000,404,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2003/03/30 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/30 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/30 16:00:00 | 000,495,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/30 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/30 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/30 16:00:00 | 000,085,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/30 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/30 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/30 16:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/30 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/30 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 09:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/03/24 21:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/11 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/03/24 21:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/05/18 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/10/24 15:36:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/24 15:50:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/06 13:41:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/03/24 21:32:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 20:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2010/07/18 15:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/11/29 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/22 09:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/23 06:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/10/01 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2010/05/31 18:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/03/10 18:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/12/27 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/22 12:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdagames
[2009/09/04 16:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Affixa
[2010/12/01 15:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AnvSoft
[2011/09/11 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Autodesk
[2011/03/24 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG10
[2010/05/31 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\avidemux
[2010/05/18 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canneverbe Limited
[2011/10/01 14:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canon
[2011/06/23 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CasaPortale.de
[2009/07/06 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CloneSpy
[2010/07/18 15:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/31 15:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Cuttermaran
[2011/10/22 16:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\DVDVideoSoft
[2010/07/18 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\FileOpen
[2011/10/28 16:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\foobar2000
[2009/07/17 02:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\funkitron
[2011/12/30 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\gtk-2.0
[2009/08/28 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Image Zone Express
[2009/06/28 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\ImgBurn
[2011/08/29 01:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\InfraRecorder
[2010/10/30 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\iWin
[2011/05/01 08:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Leadertech
[2009/09/04 17:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Mapi2Xml
[2011/10/12 11:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\MechCAD
[2010/11/15 17:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Namco
[2010/04/27 20:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\NCH Swift Sound
[2010/07/13 10:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Nova Development
[2011/01/16 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\OpenOffice.org
[2011/10/01 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\PDF Writer
[2011/09/30 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Process Hacker 2
[2009/06/23 14:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Safer Networking
[2011/03/26 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\wsInspector
[2011/12/22 12:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\YoudaGames
[2011/06/04 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pass\Application Data\AVG10
[2011/12/28 16:33:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/18 09:57:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\photopadShakeIcon.job
[2011/12/05 00:15:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/12/19 14:53:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/04/21 12:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Adobe
[2009/09/04 16:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Affixa
[2010/12/01 15:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AnvSoft
[2010/07/18 14:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Apple Computer
[2011/09/26 20:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\ArcSoft
[2011/09/11 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Autodesk
[2011/03/24 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG10
[2010/05/31 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\avidemux
[2010/04/24 19:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVS4YOU
[2010/05/18 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canneverbe Limited
[2011/10/01 14:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canon
[2011/06/23 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CasaPortale.de
[2009/07/06 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CloneSpy
[2010/07/18 15:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/28 16:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Corel
[2010/05/31 15:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Cuttermaran
[2010/05/31 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\DivX
[2009/07/05 21:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Download Manager
[2009/09/05 17:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\dvdcss
[2011/10/22 16:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\DVDVideoSoft
[2010/07/18 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\FileOpen
[2011/10/28 16:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\foobar2000
[2009/07/17 02:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\funkitron
[2009/10/13 18:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Google
[2011/12/30 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\gtk-2.0
[2009/06/26 19:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Help
[2009/05/30 14:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Identities
[2009/08/28 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Image Zone Express
[2009/06/28 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\ImgBurn
[2011/08/29 01:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\InfraRecorder
[2011/10/06 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Intuit
[2010/10/30 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\iWin
[2009/07/06 15:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Jasc Software Inc
[2011/05/01 08:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Leadertech
[2011/05/01 08:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Logishrd
[2011/05/01 08:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Logitech
[2009/05/30 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Macromedia
[2009/10/03 11:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Malwarebytes
[2009/09/04 17:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Mapi2Xml
[2011/10/12 11:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\MechCAD
[2010/01/13 01:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Media Player Classic
[2011/04/21 12:54:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\elizabeth\Application Data\Microsoft
[2010/01/02 18:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Move Networks
[2011/04/14 17:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Mozilla
[2010/01/29 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\MozillaControl
[2010/11/15 17:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Namco
[2011/10/20 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\NCH Software
[2010/04/27 20:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\NCH Swift Sound
[2010/07/13 10:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Nova Development
[2011/01/16 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\OpenOffice.org
[2011/10/01 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\PDF Writer
[2011/09/30 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Process Hacker 2
[2009/06/23 14:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Safer Networking
[2009/05/30 16:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Sun
[2010/06/17 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Winamp
[2011/03/26 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\wsInspector
[2011/12/22 12:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\YoudaGames


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/14 09:09:48 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=73BF5036A2ABA403DB078C65B1A29A99 -- C:\symbols\explorer.exe\48025C30ff000\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Documents and Settings\elizabeth\Desktop\Kits\Boot CDs\Admin from Tony\I386\EXPLORER.EXE
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2003/03/30 16:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE

< MD5 for: SVCHOST.EXE >
[2003/03/30 16:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Documents and Settings\elizabeth\Desktop\Kits\XP SP1 Home OEM i386 files\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Documents and Settings\elizabeth\Desktop\Kits\Boot CDs\Admin from Tony\I386\SYSTEM32\SVCHOST.EXE
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Documents and Settings\elizabeth\Desktop\Kits\Boot CDs\Admin from Tony\I386\SYSTEM32\USERINIT.EXE
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\Documents and Settings\elizabeth\Desktop\Kits\XP SP1 Home OEM i386 files\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/03/30 16:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Documents and Settings\elizabeth\Desktop\Kits\Boot CDs\Admin from Tony\I386\SYSTEM32\WINLOGON.EXE
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2003/03/30 16:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Documents and Settings\elizabeth\Desktop\Kits\XP SP1 Home OEM i386 files\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/02 20:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/30 16:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/02 20:01:45 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/02 20:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 01:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 02:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/30 16:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:גָמָלקִפּוֹד
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56DDC33
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6468C896
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:751D6870
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3A27FDE
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2556A8A0
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6D6E537
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627153F1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA837B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449

< End of report >


OTL Extras logfile created on: 12/30/2011 7:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.29% Memory free
5.40 Gb Paging File | 4.37 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.05 Gb Total Space | 24.90 Gb Free Space | 27.05% Space Free | Partition Type: NTFS
Drive E: | 90.38 Gb Total Space | 13.61 Gb Free Space | 15.05% Space Free | Partition Type: NTFS

Computer Name: MTVIEW | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Documents and Settings\elizabeth\Desktop\HitmanPro35.exe" "%1\"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\File-Mate\FM1500 2\File-Mate 1500.exe" = C:\Program Files\File-Mate\FM1500 2\File-Mate 1500.exe:*:Enabled:FileMaker Pro Runtime
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{17F6CD67-0E9D-4C4B-8F49-17F081092AE2}" = Better Homes and Gardens Interior Designer 7.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 30
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D587291-A4D7-4D0B-AB47-F322D24402D8}" = EasyMPEG Lite
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111433970}" = Scrabble Deluxe
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3BC2787-B9CC-4074-A3C7-75BA2B9CECBB}" = Governor of Poker 2 Standard Edition
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{C62D7344-8709-4443-9C95-F90659CBC27F}" = Art Explosion Publisher Pro
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"7-Zip" = 7-Zip 4.65
"AceMoney Lite_is1" = AceMoney Lite
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AndreaMosaic" = AndreaMosaic 3.32.3
"Anti-Twin 2010-05-16 23.02.10" = Anti-Twin (Installation 5/16/2010)
"Any Video Converter_is1" = Any Video Converter 3.1.3
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"Avidemux 2.5" = Avidemux 2.5
"AXIS Camera Server Control" = AXIS Camera Server Control
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner (remove only)
"CinePlay" = CinePlay
"CloneSpy" = CloneSpy 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX Setup
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DWG TrueView 2012" = DWG TrueView 2012
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fast Bitmap Extractor" = Fast Bitmap Extractor
"foobar2000" = foobar2000 v1.1.7
"Free Audio Converter_is1" = Free Audio Converter version 2.3.2.804
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.920
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"HitmanPro35" = Hitman Pro 3.5
"HPOCR" = OCR Software by I.R.I.S 7.0
"iCare by Wild Ginger Software, Inc." = iCare by Wild Ginger Software, Inc.
"IE New Window Maximizer_is1" = IE New Window Maximizer 2.4
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Mo-Search 3.1" = Mo-Search 3.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ONEWORLD" = oneworld Timetables
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoPad" = PhotoPad Image Editor
"PhotoScape" = PhotoScape
"PosteRazor_is1" = PosteRazor
"Process_Hacker2_is1" = Process Hacker 2.22
"PROSet" = Intel® PRO Network Adapters and Drivers
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.1.1.2
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.88
"ScMgr30Uninstall" = Caere Scan Manager 4.01
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tile Print_is1" = Tile Print Version 3
"ToolBox" = NCH Toolbox
"TopOCR" = TopOCR 3.1
"TurboTax Basic 2005" = TurboTax Basic 2005
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"UIUC Airfoil Database_is1" = UIUC Airfoil Coordinates Database - Version 2.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Wild Things! by Wild Ginger Software, Inc." = Wild Things! by Wild Ginger Software, Inc.
"Wild Things! Vintage by Wild Ginger Software, Inc." = Wild Things! Vintage by Wild Ginger Software, Inc.
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-1425521274-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2011 2:28:14 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2011 3:25:49 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2011 8:36:55 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2011 9:41:00 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2011 5:13:21 AM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application FreeVideoDub.exe, version 1.7.4.67, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2011 5:20:26 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2011 6:09:43 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2011 6:09:45 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2011 8:39:34 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2011 8:49:06 PM | Computer Name = MTVIEW | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 7/5/2009 3:43:49 PM | Computer Name = MTVIEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 560
seconds with 540 seconds of active time. This session ended with a crash.

Error - 7/5/2009 3:44:36 PM | Computer Name = MTVIEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2009 3:45:30 PM | Computer Name = MTVIEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2009 3:46:48 PM | Computer Name = MTVIEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/1/2009 9:58:27 PM | Computer Name = MTVIEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/29/2011 4:31:00 PM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/29/2011 9:31:00 PM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/30/2011 2:31:00 AM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/30/2011 7:31:00 AM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/30/2011 12:31:00 PM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/30/2011 5:31:00 PM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/30/2011 10:31:00 PM | Computer Name = MTVIEW | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1ca0a87e1cc1dd6
with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/31/2011 12:30:01 AM | Computer Name = MTVIEW | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/31/2011 12:30:26 AM | Computer Name = MTVIEW | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/31/2011 12:30:53 AM | Computer Name = MTVIEW | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

Mahalo for your assistance.
  • 0

#4
michaelg9
Posted 31 December 2011 - 03:39 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Did you set a proxy at Internet Explorer and Firefox?:

IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 166.205.137.32:80
FF - prefs.js..network.proxy.ftp: "166.205.137.32"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "166.205.137.32"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "166.205.137.32"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "166.205.137.32"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0



Next:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell - "" = AutoRun
    O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{ff9d4416-7e31-11de-b0e9-00241d243982}\Shell\AutoRun\command - "" = R:\WDSetup.exe
    O37 - HKU\S-1-5-21-515967899-1425521274-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:גָמָלקִפּוֹד

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\IS-2D0CV.EXE
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Next:

Please uninstall HijackThis as we're not going to use it and can cause damage to your computer if used inappropriately
  • 0

#5
alohagirl
Posted 31 December 2011 - 03:32 PM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

Did you set a proxy at Internet Explorer and Firefox? No, I did not do this


I disabled AVG & MBAM then downloaded ComboFix and ran it. It installed Microsoft Recovery Console, continued running for a few more minutes then re-booted my PC. Upon reboot AVG & MBAM are automaticaly turned back on, ComboFix window said:

Preparing Log Report
Do not run any progams until ComboFix has finished.

I waited for about 45 minutes and nothing happened, so I closed out ComboFix. No report was generated. However, all of AVGs components were removed. AVG would not do a repair, so I had to uninstall and re-install.

I have removed HijackThis. I have not run OTL, wasn't sure if I should since ComboFix didn't work. Can't connect to VirSCAN.org, I can connect to other websites so maybe they are just down right now?

awaiting furhter instructions...

Mahalo
  • 0

#6
michaelg9
Posted 31 December 2011 - 06:15 PM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Check in C: if there is a log named ComboFix.txt and tell me :)
  • 0

#7
alohagirl
Posted 01 January 2012 - 06:33 PM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

ComboFix.txt was found in c:, appears to be a partial log, am pasting below. Also, did connect to virscan.org, however just get error 403 when trying to upload. Did manage to upload file to GFI Sandbox and got extensive reports on file, should I post/attach the files?

ComboFix 11-12-31.03 - elizabeth 12/31/2011 9:12:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2196 [GMT -10:00]
Running from: C:\Documents and Settings\elizabeth\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
C:\Documents and Settings\All Users\Application Data\Tarma Installer
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20100310180120.log
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\elizabeth\Local Settings\Application Data\assembly\tmp
C:\Documents and Settings\elizabeth\Templates\nl18yqyn7vv6401wm0311bk4wx0sa7w6
C:\Documents and Settings\elizabeth\WINDOWS
C:\Program Files\Program Files
C:\Program Files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
C:\Program Files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
C:\Program Files\Program Files\Common Files\Adobe\Workflow\Options.txt
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\PowerToyReadme.htm

Infected copy of C:\WINDOWS\system32\user32.dll was found and disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\user32.dll


((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))


2011-12-30 08:23:59 . 2000-01-01 02:00:00 170080 ----a-w- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-12-30 02:54:29 . 2011-12-30 02:54:39 -------- d-----w- C:\Program Files\Tracker Software
2011-12-30 02:07:41 . 2011-12-30 02:07:41 -------- d-----w- C:\Program Files\Foxit Software
2011-12-26 09:24:20 . 2011-12-26 09:24:20 388096 ----a-r- C:\Documents and Settings\elizabeth\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-26 09:24:19 . 2011-12-26 09:24:19 -------- d-----w- C:\Program Files\HiJack This
2011-12-22 22:36:25 . 2011-12-22 22:36:25 -------- d-----w- C:\Documents and Settings\elizabeth\Application Data\YoudaGames
2011-12-22 22:34:42 . 2011-12-22 22:35:27 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Youdagames
2011-12-22 22:34:42 . 2011-12-22 22:34:44 -------- d-----w- C:\Program Files\Governor of Poker 2 Standard Edition
2011-12-13 00:50:01 . 2011-12-30 01:11:19 -------- d-----w- C:\Program Files\FTR
2011-12-05 05:16:20 . 2011-12-05 05:59:12 -------- d-----w- C:\Program Files\Avidemux 2.5
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-25 21:01:07 . 2009-05-31 00:16:05 33280 ----a-w- C:\WINDOWS\system32\rundll32.exe
2011-11-10 15:54:13 . 2010-05-12 17:34:04 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-11-10 13:27:10 . 2010-04-02 01:48:30 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-11-08 05:32:00 . 2011-05-01 18:22:55 16400 ----a-w- C:\WINDOWS\system32\drivers\LNonPnP.sys
2011-11-08 05:17:38 . 2011-11-08 05:17:38 53248 ----a-r- C:\Documents and Settings\elizabeth\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-12 22:14:44 . 2011-10-12 22:14:44 876032 ----a-w- C:\WINDOWS\system32\VFP6RENU.DLL
2011-10-12 22:14:44 . 2011-10-12 22:14:44 6656 ----a-w- C:\WINDOWS\system32\FOXHHELPPS.DLL
2011-10-12 22:14:44 . 2011-10-12 22:14:44 3373328 ----a-w- C:\WINDOWS\system32\VFP6R.DLL
2011-10-12 22:14:44 . 2011-10-12 22:14:44 26112 ----a-w- C:\WINDOWS\system32\FOXHHELP.EXE
2011-10-12 22:14:44 . 2011-10-12 22:14:44 24990 ----a-w- C:\WINDOWS\system32\VFP6RUN.EXE
2011-10-12 22:14:44 . 2011-10-12 22:14:44 212240 ----a-w- C:\WINDOWS\system32\RICHTX32.OCX
2011-09-03 06:01:45 . 2011-10-06 21:01:10 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


Mahalo


  • 0

#8
michaelg9
Posted 02 January 2012 - 05:59 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Ok follow this:

Delete the combofix copy you have on your Desktop

Download Combofix from any of the links below but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-515967899-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 166.205.137.32:80
    FF - prefs.js..network.proxy.ftp: "166.205.137.32"
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.http: "166.205.137.32"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "166.205.137.32"
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "166.205.137.32"
    FF - prefs.js..network.proxy.ssl_port: 80
    FF - prefs.js..network.proxy.type: 0
    33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell - "" = AutoRun
    O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{152cb8f8-680b-11de-b0c5-00241d243982}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{ff9d4416-7e31-11de-b0e9-00241d243982}\Shell\AutoRun\command - "" = R:\WDSetup.exe
    O37 - HKU\S-1-5-21-515967899-1425521274-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:39 | 000,001,432 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    [2011/12/25 10:34:23 | 000,001,432 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
    @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:גָמָלקִפּוֹד

    :Services

    :Reg

    :Files
    C:\Program Files\HiJack This

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service or VirusTotal
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\IS-2D0CV.EXE
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#9
alohagirl
Posted 03 January 2012 - 05:08 PM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

had to uninstall AVG for ComboFix to run. Here are the logs you asked for.

ComboFix 12-01-03.07 - elizabeth 01/03/2012 12:15:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2546 [GMT -10:00]
Running from: c:\documents and settings\elizabeth\Desktop\ComboFix.exe
Command switches used :: /killall
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\nl18yqyn7vv6401wm0311bk4wx0sa7w6
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20100310180120.log
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\documents and settings\elizabeth\Templates\nl18yqyn7vv6401wm0311bk4wx0sa7w6
c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\iun6002.exe
c:\windows\system32\PowerToyReadme.htm
.
-- Previous Run --
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\user32.dll
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2011-12-31 20:49 . 2011-12-31 20:49 -------- d-----w- c:\documents and settings\elizabeth\Application Data\AVG2012
2011-12-31 20:47 . 2012-01-03 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-30 08:23 . 2000-01-01 02:00 170080 ----a-w- c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-12-30 02:54 . 2011-12-30 02:54 -------- d-----w- c:\program files\Tracker Software
2011-12-30 02:07 . 2011-12-30 02:07 -------- d-----w- c:\program files\Foxit Software
2011-12-22 22:36 . 2011-12-22 22:36 -------- d-----w- c:\documents and settings\elizabeth\Application Data\YoudaGames
2011-12-22 22:34 . 2011-12-22 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Youdagames
2011-12-22 22:34 . 2011-12-22 22:34 -------- d-----w- c:\program files\Governor of Poker 2 Standard Edition
2011-12-13 00:50 . 2011-12-30 01:11 -------- d-----w- c:\program files\FTR
2011-12-05 05:16 . 2011-12-05 05:59 -------- d-----w- c:\program files\Avidemux 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 21:01 . 2009-05-31 00:16 33280 ----a-w- c:\windows\system32\rundll32.exe
2011-11-10 15:54 . 2010-05-12 17:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 13:27 . 2010-04-02 01:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-08 05:32 . 2011-05-01 18:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-08 05:17 . 2011-11-08 05:17 53248 ----a-r- c:\documents and settings\elizabeth\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-12 22:14 . 2011-10-12 22:14 876032 ----a-w- c:\windows\system32\VFP6RENU.DLL
2011-10-12 22:14 . 2011-10-12 22:14 6656 ----a-w- c:\windows\system32\FOXHHELPPS.DLL
2011-10-12 22:14 . 2011-10-12 22:14 3373328 ----a-w- c:\windows\system32\VFP6R.DLL
2011-10-12 22:14 . 2011-10-12 22:14 26112 ----a-w- c:\windows\system32\FOXHHELP.EXE
2011-10-12 22:14 . 2011-10-12 22:14 24990 ----a-w- c:\windows\system32\VFP6RUN.EXE
2011-10-12 22:14 . 2011-10-12 22:14 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-09-03 06:01 . 2011-10-06 21:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-09 356352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-18 17508864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/18/2009 2:45 PM 64288]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5/1/2011 8:22 AM 10448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1ca0a87e1cc1dd6;Google Update Service (gupdate1ca0a87e1cc1dd6);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2009 6:50 PM 133104]
S2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2009 6:50 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/30/2009 3:11 PM 1684736]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:50]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:50]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003Core.job
- c:\documents and settings\elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 19:11]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003UA.job
- c:\documents and settings\elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 19:11]
.
2011-12-18 c:\windows\Tasks\photopadShakeIcon.job
- c:\program files\NCH Software\PhotoPad\photopad.exe [2011-12-05 10:10]
.
2011-12-05 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-12-01 23:02]
.
2011-12-20 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-23 19:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 166.205.137.32:80
IE: E&xport to Microsoft Excel
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
FF - ProfilePath - c:\documents and settings\elizabeth\Application Data\Mozilla\Firefox\Profiles\8zfu0la0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - 166.205.137.32
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 166.205.137.32
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 166.205.137.32
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 166.205.137.32
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AndreaMosaic - c:\windows\iun6002.exe
AddRemove-HPOCR - c:\program files\HP\Digital Imaging\OCR\hpzscr01.exe
AddRemove-UIUC Airfoil Database_is1 - c:\documents and settings\elizabeth\Desktop\downloads\UIUC Selig\unins000.exe
AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{108A3~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-03 12:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Print\Monitors\HP Standard TCP/IP Port]
@DACL=(02 0000)
"Driver"="HpTcpMon.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1072)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\LnkProtect.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-01-03 12:32:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-03 22:32
.
Pre-Run: 27,666,464,768 bytes free
Post-Run: 27,624,144,896 bytes free
.
- - End Of File - - AEA6F9485173ABA1941E8A45A6525FCE

OTL logfile created on: 1/3/2012 12:50:06 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 85.65% Memory free
4.71 Gb Paging File | 4.49 Gb Available in Paging File | 95.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.05 Gb Total Space | 26.20 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
Drive E: | 90.38 Gb Total Space | 13.61 Gb Free Space | 15.06% Space Free | Partition Type: NTFS

Computer Name: MTVIEW | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 23:37:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 23:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- C:\Program Files\IE New Window Maximizer\iemaximizer.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/12/02 23:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/24 07:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 07:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 07:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/01/02 18:33:19 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/22 02:06:00 | 000,130,688 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/17 16:55:54 | 005,026,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/09/24 03:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/11 23:10:22 | 000,021,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [1996/04/03 09:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 11:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 22:23:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\elizabeth\Application Data\Move Networks [2010/01/02 18:02:37 | 000,000,000 | ---D | M]

[2011/04/14 17:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth\Application Data\Mozilla\Extensions
[2011/10/01 13:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\elizabeth\Application Data\Mozilla\Firefox\Profiles\8zfu0la0.default\extensions
[2011/12/26 09:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 13:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/12/26 09:15:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ELIZABETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8ZFU0LA0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/04/01 15:48:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/22 13:50:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/02 20:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 16:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/09/02 13:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\elizabeth\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/03 12:27:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/...msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280432097921 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DAA7CCB-42B1-4A51-978E-AC400707C003}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C52C2F3-4426-4A2A-813F-69AC54E5DB0C}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF54D39-1A99-481D-B43D-9EA5A3B7121C}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/30 14:02:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 12:44:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/03 12:43:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/03 12:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/03 12:12:15 | 004,368,434 | R--- | C] (Swearware) -- C:\Documents and Settings\elizabeth\Desktop\ComboFix.exe
[2012/01/01 00:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\sandbox
[2011/12/31 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Application Data\AVG2012
[2011/12/31 10:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/31 09:10:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/31 09:08:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/31 09:08:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/31 09:08:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/31 09:08:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/31 09:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/31 09:07:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 17:33:21 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\elizabeth\Desktop\tdsskiller.exe
[2011/12/30 17:32:37 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\elizabeth\Desktop\aswMBR.exe
[2011/12/29 16:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2011/12/29 16:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011/12/29 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/12/26 00:21:04 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\elizabeth\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/25 23:37:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
[2011/12/24 16:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\washer
[2011/12/22 12:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Application Data\YoudaGames
[2011/12/22 12:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Youdagames
[2011/12/22 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker 2 Standard Edition
[2011/12/21 13:49:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\elizabeth\Recent
[2011/12/12 22:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\meditation
[2011/12/12 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\FTR
[2011/12/09 12:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\Harry
[2011/12/06 13:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Desktop\win32
[2011/12/05 00:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/12/05 00:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Graphics Related Programs
[2011/12/04 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5

========== Files - Modified Within 30 Days ==========

[2012/01/03 12:45:45 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 12:45:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 12:45:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/03 12:36:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003UA.job
[2012/01/03 12:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/03 12:27:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/03 12:13:53 | 004,368,434 | R--- | M] (Swearware) -- C:\Documents and Settings\elizabeth\Desktop\ComboFix.exe
[2012/01/03 10:36:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-725345543-1003Core.job
[2011/12/31 09:10:45 | 000,000,306 | RHS- | M] () -- C:\boot.ini
[2011/12/30 20:08:19 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.7z
[2011/12/30 19:55:40 | 000,057,641 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\avg.jpg
[2011/12/30 19:55:40 | 000,012,722 | ---- | M] () -- C:\Documents and Settings\elizabeth\.recently-used.xbel
[2011/12/30 19:04:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.dat
[2011/12/30 17:33:30 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\elizabeth\Desktop\tdsskiller.exe
[2011/12/30 17:32:37 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\elizabeth\Desktop\aswMBR.exe
[2011/12/26 00:21:17 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\elizabeth\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/26 00:16:34 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\elizabeth\Desktop\exeHelper.com
[2011/12/25 23:37:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\elizabeth\Desktop\OTL.exe
[2011/12/19 14:53:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/18 09:57:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2011/12/05 00:15:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/04 23:32:39 | 000,243,200 | ---- | M] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/31 09:10:45 | 000,000,190 | ---- | C] () -- C:\Boot.bak
[2011/12/31 09:10:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/31 09:08:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/31 09:08:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/31 09:08:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/31 09:08:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/31 09:08:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 20:08:19 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.7z
[2011/12/30 19:55:40 | 000,012,722 | ---- | C] () -- C:\Documents and Settings\elizabeth\.recently-used.xbel
[2011/12/30 19:04:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\MBR.dat
[2011/12/30 17:28:53 | 000,057,641 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\avg.jpg
[2011/12/26 00:16:34 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\elizabeth\Desktop\exeHelper.com
[2011/12/19 14:53:50 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/12 09:57:59 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2011/12/05 00:15:03 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/05 00:10:18 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoPad Image Editor.lnk
[2011/09/28 15:32:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdPrint.INI
[2011/08/29 01:33:57 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/08/27 10:39:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\IS-2D0CV.EXE
[2011/08/26 22:17:53 | 000,505,843 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1425521274-725345543-1003-0.dat
[2011/08/26 22:17:46 | 000,316,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/13 09:42:08 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2011/06/22 19:30:30 | 000,000,862 | ---- | C] () -- C:\WINDOWS\posteriza.INI
[2011/06/13 16:41:38 | 000,000,304 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011/03/25 15:34:58 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/25 15:34:53 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/25 15:34:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/25 15:34:40 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/29 21:19:21 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/01 18:01:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/11/01 18:01:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/07/18 14:20:04 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/23 06:36:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2010/03/23 17:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2010/03/10 18:01:43 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/03/10 13:38:18 | 000,000,503 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010/02/01 10:16:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 12:58:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/13 12:58:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\Plug-Ins
[2010/01/13 01:22:29 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/13 01:22:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/13 01:22:25 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/13 01:22:25 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/13 01:22:22 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/06 14:48:36 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/01/03 11:52:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/03 11:52:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/03 11:47:30 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/01/02 18:34:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2009/09/05 11:30:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/28 18:06:27 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MaxLink.ini
[2009/08/28 18:05:55 | 000,047,616 | ---- | C] () -- C:\WINDOWS\unscan40.exe
[2009/07/05 15:10:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/07/01 11:48:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2009/06/26 19:14:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\PFP120JPR.{PB
[2009/06/26 19:14:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\elizabeth\Application Data\PFP120JCM.{PB
[2009/06/02 10:28:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/01 15:48:45 | 000,243,200 | ---- | C] () -- C:\Documents and Settings\elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/30 15:50:38 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/05/30 14:22:12 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/05/30 14:04:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/30 14:00:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/30 03:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/30 03:23:54 | 000,404,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2003/03/30 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/30 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/30 16:00:00 | 000,495,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/30 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/30 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/30 16:00:00 | 000,085,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/30 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/30 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/30 16:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/30 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/30 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 09:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/03/24 21:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/11 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/31 10:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/03 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/05/18 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/10/24 15:36:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/24 15:50:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/06 13:41:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/03/24 21:32:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 20:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2010/07/18 15:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/11/29 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/03 11:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/23 06:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/10/01 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2010/05/31 18:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/12/22 12:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdagames
[2009/09/04 16:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Affixa
[2010/12/01 15:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AnvSoft
[2011/09/11 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Autodesk
[2011/03/24 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG10
[2011/12/31 10:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG2012
[2010/05/31 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\avidemux
[2010/05/18 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canneverbe Limited
[2011/10/01 14:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Canon
[2011/06/23 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CasaPortale.de
[2009/07/06 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\CloneSpy
[2010/07/18 15:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/31 15:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Cuttermaran
[2011/10/22 16:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\DVDVideoSoft
[2010/07/18 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\FileOpen
[2011/10/28 16:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\foobar2000
[2009/07/17 02:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\funkitron
[2011/12/30 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\gtk-2.0
[2009/08/28 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Image Zone Express
[2009/06/28 14:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\ImgBurn
[2011/08/29 01:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\InfraRecorder
[2010/10/30 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\iWin
[2011/05/01 08:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Leadertech
[2009/09/04 17:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Mapi2Xml
[2011/10/12 11:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\MechCAD
[2010/11/15 17:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Namco
[2010/04/27 20:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\NCH Swift Sound
[2010/07/13 10:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Nova Development
[2011/01/16 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\OpenOffice.org
[2011/10/01 17:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\PDF Writer
[2011/09/30 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Process Hacker 2
[2009/06/23 14:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\Safer Networking
[2011/03/26 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\wsInspector
[2011/12/22 12:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\YoudaGames
[2011/12/18 09:57:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\photopadShakeIcon.job
[2011/12/05 00:15:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/12/19 14:53:51 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



< End of report >


File name: IS-2D0CV.EXE
Submission date: 2012-01-03 22:52:25 (UTC)
Current status: queued queued analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2012.01.03.00 2012.01.03 -
AntiVir 7.11.20.135 2012.01.03 -
Antiy-AVL 2.0.3.7 2012.01.03 -
Avast 6.0.1289.0 2012.01.03 -
AVG 10.0.0.1190 2012.01.03 -
BitDefender 7.2 2012.01.03 -
ByteHero 1.0.0.1 2011.12.31 -
CAT-QuickHeal 12.00 2012.01.03 -
ClamAV 0.97.3.0 2012.01.03 -
Commtouch 5.3.2.6 2012.01.03 -
Comodo 11181 2012.01.03 -
DrWeb 5.0.2.03300 2012.01.03 -
Emsisoft 5.1.0.11 2012.01.03 -
eSafe 7.0.17.0 2012.01.03 -
eTrust-Vet 37.0.9660 2012.01.03 -
F-Prot 4.6.5.141 2012.01.03 -
F-Secure 9.0.16440.0 2012.01.03 -
Fortinet 4.3.388.0 2012.01.03 -
GData 22.330/22.623 2012.01.03 -
Ikarus T3.1.1.109.0 2011.12.31 -
Jiangmin 13.0.900 2012.01.03 -
K7AntiVirus 9.123.5849 2012.01.03 -
Kaspersky 9.0.0.837 2012.01.03 -
McAfee 5.400.0.1158 2012.01.03 -
McAfee-GW-Edition 2010.1E 2012.01.03 -
Microsoft 1.7903 2012.01.03 -
NOD32 6765 2012.01.03 -
Norman 6.07.13 2012.01.03 -
nProtect 2012-01-03.01 2012.01.03 -
Panda 10.0.3.5 2012.01.03 -
PCTools 8.0.0.5 2012.01.03 -
Prevx 3.0 2012.01.04 -
Rising 23.90.05.01 2011.12.31 -
Sophos 4.72.0 2012.01.03 -
SUPERAntiSpyware 4.40.0.1006 2012.01.03 -
Symantec 20111.2.0.82 2012.01.03 -
TheHacker 6.7.0.1.371 2012.01.03 -
TrendMicro 9.500.0.1008 2012.01.03 -
TrendMicro-HouseCall 9.500.0.1008 2012.01.03 -
VBA32 3.12.16.4 2012.01.03 -
VIPRE 11346 2012.01.03 -
ViRobot 2012.1.3.4861 2012.01.03 -
VirusBuster 14.1.148.0 2012.01.03 -
Additional informationShow all
MD5 : 95dc2ed4c949e7a2ac36e75688b53091
SHA1 : 2d8bfc451e6dc124e15dfa9ba10dfc2d2df98875
SHA256: cf7edfcedbbfd24c0c3d8c691121aaf752cb23fb6e8d50f1606891049aa61063
ssdeep: 3:ul8:ul8
File size : 20 bytes
First seen: 2012-01-01 09:23:24
Last seen : 2012-01-03 22:52:25
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): Unicode
ExifTool:
file metadata
Error: File format error
FileSize: 20 bytes



VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team



  • 0

#10
michaelg9
Posted 03 January 2012 - 05:43 PM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    [2011/12/31 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\elizabeth\Application Data\AVG2012
    [2011/12/31 10:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/12/31 10:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2012/01/03 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/03/24 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG10
    [2011/12/31 10:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\elizabeth\Application Data\AVG2012

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Next:

As you don't have an antivirus now, please download Avast! Home Edition - a very good free AntiVirus.

Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next:

Read here on how to perform a boot time scan with Avast.
In step 7, where you select the default action for detections, select Move to Chest
Restart and then let avast scan your computer
After the scan has finished, open up avast, click the Scan Computer tab and scan logs sub-tab. There will be a boot time scan log, tell me if it found anything and what was that :thumbsup:


Next:

Please tell me how's your computer working and if there are any other problems
  • 0

Advertisements

#11
alohagirl
Posted 04 January 2012 - 03:05 AM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

Ran OTL, installed Avast and scanned, no virus found.

MBAM will not run, get the following message.

mbam.jpg
  • 0

#12
michaelg9
Posted 04 January 2012 - 04:24 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Turn of your antivirus and try again with MBAM. If no success, try to re-install it and then retry. Tell me what happened. Finally re-enable your antivirus

Next:

Please tell me how's your computer working and if there are any other problems
  • 0

#13
alohagirl
Posted 06 January 2012 - 04:12 PM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

MBAM still won't run. Tried disabling AVAST, uninstalled, reinstalled. Application event log states:

Faulting application mbam.exe, version 1.60.0.59, faulting module mbamcore.dll, version 1.60.0.52, fault address 0x00060ae0.

Still getting the occassional "explorer can not display web page" errors. System event log has numerous errors/warnings regarding TCP/IP connect attempts, clock won't synchronise, google update fails.

Mahalo
  • 0

#14
michaelg9
Posted 07 January 2012 - 07:10 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Follow this to remove proxy settings from all of your browsers.

Next:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image



Next:

While on Internet Explorer, click Tools > Internet Options
Go to Content tab
Click the Clear SSL state button


Next:

1. Open the Start Menu > Run.
Type:

cmd

At the prompt, type:

chkdsk /f /r

.
It will ask you to run chkdsk at the next boot type Y and press enter.
4.Reboot and don't touch any key, let chkdsk scan your Drive.
5.When it finishes, read here on how to find the chkdsk log and copy it and paste it in your next post.
Note: The tutorial is for Win7 but the process is similar.

Next:

Do you have you Windows CD?
  • 0

#15
alohagirl
Posted 08 January 2012 - 02:12 PM

alohagirl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Aloha,

Removed proxy settings from all browsers.

Ran AVPTool virus scan, no infections found.

Attached File  avptool_sysinfo.zip   21.75KB   99 downloads

Cleared SSL

Chkdsk log...

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 1/8/2012
Time: 3:54:05 AM
User: N/A
Computer: MTVIEW
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 352 unused index entries from index $SII of file 0x9.
Cleaning up 352 unused index entries from index $SDH of file 0x9.
Cleaning up 352 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

96526520 KB total disk space.
69846256 KB in 271950 files.
106696 KB in 20463 indexes.
0 KB in bad sectors.
494544 KB in use by the system.
65536 KB occupied by the log file.
26079024 KB available on disk.

4096 bytes in each allocation unit.
24131630 total allocation units on disk.
6519756 allocation units available on disk.

Internal Info:
60 ea 04 00 49 76 04 00 d9 9b 06 00 00 00 00 00 `...Iv..........
57 4f 00 00 04 00 00 00 86 08 00 00 00 00 00 00 WO..............
52 56 b4 11 00 00 00 00 18 3e 2e b2 00 00 00 00 RV.......>......
b6 e7 bd 21 00 00 00 00 ec db ff ac 08 00 00 00 ...!............
4a bd 87 79 01 00 00 00 18 77 e4 1c 0b 00 00 00 J..y.....w......
b0 49 e6 a6 00 00 00 00 a8 39 07 00 4e 26 04 00 .I.......9..N&..
00 00 00 00 00 c0 13 a7 10 00 00 00 ef 4f 00 00 .............O..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Yes, I do have my Windows CD.

Mahalo


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP