Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another victim of "XP Home Security 2012" virus! [Solved]

Started by cervada , Dec 30 2011 05:51 PM

  • This topic is locked This topic is locked

#1
cervada
Posted 30 December 2011 - 05:51 PM

cervada

    Member

  • Member
  • PipPip
  • 37 posts
Hi, I've received some awesome help here before so this is always my go to place when I run into these kinds of problems. Yesterday everything was running fine. This afternoon after turning on our PC and reading a couple of news articles we began to get the now familiar messages saying "System Hacked" with a title of XP Home Security 2012. This gives details a possible Trojan threat. I know better than to click on the recommendation to scan and activate XP Home Security 2012. Also, when I try to open just about any file I get a Firewall Alert from the same XP Home Security 2012. After reading through several posts it appears I have a similar virus as other people. I am working on a different computer to post this because the virus is also preventing access to any website. Any assistance with getting rid of this issue would be greatly appreciated!

David C
Spring, TX

OTL logfile created on: 12/30/2011 5:07:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.27% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 227.69 Gb Free Space | 76.38% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.91 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

Computer Name: DAVID-7D5AEA3F6 | User Name: David Cervantes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 17:05:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Virus Removal\OTL.scr
PRC - [2011/12/30 12:20:06 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe
PRC - [2011/12/16 05:28:30 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/13 15:53:45 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe
PRC - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/06 14:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 16:58:30 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/30 16:58:30 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/06 22:05:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/06 22:05:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/04/01 14:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 14:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/13 15:53:45 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 22:03:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/06 22:03:39 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/08 15:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 15:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/04/15 09:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2002/04/15 09:50:00 | 000,040,750 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2002/04/15 09:50:00 | 000,023,328 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/04/15 09:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lkbdflt2.sys -- (LKbdFlt2)
DRV - [2001/11/08 07:53:54 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001/10/28 12:34:46 | 000,153,760 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/08/17 12:12:02 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\D100IB5.SYS -- (D100IB)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.154
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:10&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2z\bar\1.bin\NP2zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 09:22:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/12 09:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/12/13 15:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 12:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:07:27 | 000,000,000 | ---D | M]

[2010/01/10 10:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Extensions
[2011/12/19 21:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions
[2011/07/20 14:10:26 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/21 18:41:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/07 15:47:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/04/11 19:33:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/13 15:59:42 | 000,000,000 | ---D | M] (Retrogamer) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\2zffxtbr@Retrogamer_2z.com
[2011/12/17 21:07:01 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\[email protected]
[2011/09/18 22:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\nostmp
[2011/12/13 16:46:34 | 000,010,001 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\searchplugins\Retrogamer_2z.xml
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/19 19:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/12 12:08:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/29 17:39:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/12/12 09:47:39 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/02 17:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 12:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Retrogamer Search Scope Monitor] C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\David Cervantes\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.retro...2D&n=2011121316 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} https://www.worldgif...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595A9747-89A8-49CF-B478-CB9AFB31601A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 19:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50cf2954-eb95-11df-bf51-806d6172696f}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{a1e8fab3-0274-11e0-9c8c-009047029026}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe
O33 - MountPoints2\{a8b8d6d6-1001-11e0-9cab-009047029026}\Shell\AutoRun\command - "" = L:\PMBP_Win.exe
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 61d] -- "C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 12:20:06 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe
[2011/12/29 17:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/29 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/26 15:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Intelli-studio
[2011/12/26 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/26 13:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/12/26 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Gabby
[2011/12/25 18:49:48 | 000,129,875 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\mr97310c.sys
[2011/12/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Start Menu\Programs\MY CAMERA
[2011/12/25 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mars
[2011/12/23 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/22 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\ZPS13
[2011/12/22 23:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner
[2011/12/22 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Zoner
[2011/12/21 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2011/12/13 15:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\PlaySega
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/12/13 15:54:13 | 000,819,200 | ---- | C] (Metaboli) -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.ocx
[2011/12/13 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2z
[2011/12/13 15:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2zEI
[2011/12/12 09:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/12 09:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 09:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/05 15:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Van payments
[2011/01/12 17:36:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.sys
[2010/03/27 12:32:47 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:57:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 16:56:38 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/12/30 16:56:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 12:11:28 | 141,812,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/28 17:47:44 | 000,210,034 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/26 19:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 15:50:56 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:07:16 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/26 13:03:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/26 13:03:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/26 13:03:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/26 13:01:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/26 13:00:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:55:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:45 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/22 09:22:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:01 | 000,026,395 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:02 | 009,987,136 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/14 10:27:48 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/09 17:24:02 | 000,214,298 | ---- | M] () -- C:\VoiceMessage.wav
[2011/12/08 11:41:52 | 000,000,073 | ---- | M] () -- C:\WINDOWS\booktracker.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 12:20:09 | 000,018,462 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 12:20:09 | 000,018,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/27 22:40:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:00:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:50:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2011/12/25 18:49:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2011/12/25 18:49:45 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:00 | 000,026,395 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:01 | 009,987,136 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/13 15:54:13 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.inf
[2011/12/09 18:44:58 | 000,214,298 | ---- | C] () -- C:\VoiceMessage.wav
[2011/08/21 18:54:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\booktracker.ini
[2011/07/12 15:19:26 | 000,000,218 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/02/05 20:00:51 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/02/05 20:00:51 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/02/05 20:00:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/05 20:00:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/05 20:00:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/02/03 18:03:53 | 000,022,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/12 17:36:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\inst.exe
[2011/01/12 17:36:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.cat
[2011/01/12 17:36:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.inf
[2010/07/27 11:22:40 | 000,000,942 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/06/26 22:40:09 | 000,080,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/13 22:23:35 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2886491261
[2010/04/13 22:23:34 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\2886491261
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\7SkRgtbX5FlAM
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM
[2010/03/27 12:48:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/01/10 21:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/01/10 21:13:29 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/01/10 19:12:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 19:06:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/10 17:59:52 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 17:45:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/10 17:24:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/01/10 11:52:37 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/10 10:35:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/09 23:27:57 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/09 18:52:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/09 18:49:17 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 00:31:10 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/01 00:31:08 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/01 00:31:08 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/06 22:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/12/12 14:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010/11/03 14:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/19 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/10 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/03/02 20:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/19 17:54:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/13 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2010/06/16 17:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2010/12/28 11:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/10/02 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/22 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/03 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/19 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\AVG10
[2010/01/10 17:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Canneverbe_Limited
[2010/09/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\CloneSpy
[2010/01/10 20:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\DeviceDoctorSoftware
[2010/05/29 21:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\FinalMediaPlayer
[2010/04/03 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\flightgear.org
[2010/04/05 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\fltk.org
[2010/01/13 18:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit
[2010/03/06 09:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit Software
[2010/08/04 21:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\gtk-2.0
[2010/06/16 17:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\IBMERS
[2011/03/02 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ICAClient
[2011/12/21 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2010/01/10 11:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\KeePass
[2010/10/19 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Pdfsvg
[2011/12/07 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ReGet Software
[2010/03/10 12:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\School Zone Preferences
[2011/07/20 14:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Sony Online Entertainment
[2011/06/23 20:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\TagScanner
[2010/12/14 15:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Unity
[2011/01/12 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Vso
[2011/12/27 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1

< End of report >
OTL logfile created on: 12/30/2011 5:07:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.27% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 227.69 Gb Free Space | 76.38% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.91 Gb Free Space | 51.08% Space Free | Partition Type: FAT32

Computer Name: DAVID-7D5AEA3F6 | User Name: David Cervantes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 17:05:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Virus Removal\OTL.scr
PRC - [2011/12/30 12:20:06 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe
PRC - [2011/12/16 05:28:30 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/13 15:53:45 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe
PRC - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/06 14:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 16:58:30 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/30 16:58:30 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/06 22:05:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/06 22:05:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/04/01 14:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 14:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/13 15:53:45 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
SRV - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 22:03:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/06 22:03:39 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/08 15:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 15:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/04/15 09:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2002/04/15 09:50:00 | 000,040,750 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2002/04/15 09:50:00 | 000,023,328 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/04/15 09:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lkbdflt2.sys -- (LKbdFlt2)
DRV - [2001/11/08 07:53:54 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001/10/28 12:34:46 | 000,153,760 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/08/17 12:12:02 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\D100IB5.SYS -- (D100IB)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.154
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:10&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2z\bar\1.bin\NP2zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 09:22:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/12 09:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/12/13 15:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 12:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:07:27 | 000,000,000 | ---D | M]

[2010/01/10 10:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Extensions
[2011/12/19 21:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions
[2011/07/20 14:10:26 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/21 18:41:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/07 15:47:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/04/11 19:33:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/13 15:59:42 | 000,000,000 | ---D | M] (Retrogamer) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\2zffxtbr@Retrogamer_2z.com
[2011/12/17 21:07:01 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\[email protected]
[2011/09/18 22:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\nostmp
[2011/12/13 16:46:34 | 000,010,001 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\searchplugins\Retrogamer_2z.xml
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/19 19:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/11/12 12:08:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/29 17:39:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/12/12 09:47:39 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/02 17:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 12:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Retrogamer Search Scope Monitor] C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\David Cervantes\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.retro...2D&n=2011121316 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} https://www.worldgif...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595A9747-89A8-49CF-B478-CB9AFB31601A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 19:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50cf2954-eb95-11df-bf51-806d6172696f}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{a1e8fab3-0274-11e0-9c8c-009047029026}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe
O33 - MountPoints2\{a8b8d6d6-1001-11e0-9cab-009047029026}\Shell\AutoRun\command - "" = L:\PMBP_Win.exe
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 61d] -- "C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 12:20:06 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe
[2011/12/29 17:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/29 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/26 15:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Intelli-studio
[2011/12/26 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/26 13:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/12/26 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Gabby
[2011/12/25 18:49:48 | 000,129,875 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\mr97310c.sys
[2011/12/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Start Menu\Programs\MY CAMERA
[2011/12/25 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mars
[2011/12/23 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/22 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\ZPS13
[2011/12/22 23:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner
[2011/12/22 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Zoner
[2011/12/21 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2011/12/13 15:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\PlaySega
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/12/13 15:54:13 | 000,819,200 | ---- | C] (Metaboli) -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.ocx
[2011/12/13 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2z
[2011/12/13 15:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2zEI
[2011/12/12 09:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/12 09:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 09:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/05 15:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Van payments
[2011/01/12 17:36:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.sys
[2010/03/27 12:32:47 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:57:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 16:56:38 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/12/30 16:56:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 12:11:28 | 141,812,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/28 17:47:44 | 000,210,034 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/26 19:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 15:50:56 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:07:16 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/26 13:03:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/26 13:03:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/26 13:03:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/26 13:01:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/26 13:00:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:55:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:45 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/22 09:22:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:01 | 000,026,395 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:02 | 009,987,136 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/14 10:27:48 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/09 17:24:02 | 000,214,298 | ---- | M] () -- C:\VoiceMessage.wav
[2011/12/08 11:41:52 | 000,000,073 | ---- | M] () -- C:\WINDOWS\booktracker.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 12:20:09 | 000,018,462 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 12:20:09 | 000,018,462 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/27 22:40:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:00:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:50:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2011/12/25 18:49:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2011/12/25 18:49:45 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:00 | 000,026,395 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:01 | 009,987,136 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/13 15:54:13 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.inf
[2011/12/09 18:44:58 | 000,214,298 | ---- | C] () -- C:\VoiceMessage.wav
[2011/08/21 18:54:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\booktracker.ini
[2011/07/12 15:19:26 | 000,000,218 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/02/05 20:00:51 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/02/05 20:00:51 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/02/05 20:00:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/05 20:00:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/05 20:00:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/02/03 18:03:53 | 000,022,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/12 17:36:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\inst.exe
[2011/01/12 17:36:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.cat
[2011/01/12 17:36:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.inf
[2010/07/27 11:22:40 | 000,000,942 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/06/26 22:40:09 | 000,080,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/13 22:23:35 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2886491261
[2010/04/13 22:23:34 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\2886491261
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\7SkRgtbX5FlAM
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM
[2010/03/27 12:48:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/01/10 21:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/01/10 21:13:29 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/01/10 19:12:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 19:06:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/10 17:59:52 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 17:45:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/10 17:24:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/01/10 11:52:37 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/10 10:35:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/09 23:27:57 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/09 18:52:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/09 18:49:17 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 00:31:10 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/01 00:31:08 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/01 00:31:08 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/06 22:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/12/12 14:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010/11/03 14:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/19 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/10 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/03/02 20:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/19 17:54:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/13 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2010/06/16 17:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2010/12/28 11:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/10/02 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/22 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/03 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/19 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\AVG10
[2010/01/10 17:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Canneverbe_Limited
[2010/09/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\CloneSpy
[2010/01/10 20:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\DeviceDoctorSoftware
[2010/05/29 21:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\FinalMediaPlayer
[2010/04/03 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\flightgear.org
[2010/04/05 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\fltk.org
[2010/01/13 18:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit
[2010/03/06 09:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit Software
[2010/08/04 21:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\gtk-2.0
[2010/06/16 17:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\IBMERS
[2011/03/02 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ICAClient
[2011/12/21 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2010/01/10 11:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\KeePass
[2010/10/19 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Pdfsvg
[2011/12/07 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ReGet Software
[2010/03/10 12:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\School Zone Preferences
[2011/07/20 14:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Sony Online Entertainment
[2011/06/23 20:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\TagScanner
[2010/12/14 15:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Unity
[2011/01/12 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Vso
[2011/12/27 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1

< End of report >
  • 0

Advertisements

#2
BlackOxide
Posted 01 January 2012 - 09:06 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, David! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start ;)


Just follow the steps below and we'll start getting rid of this annoying malware ;)


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - [2011/12/13 15:53:45 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe -- (Retrogamer_2zService)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2011/12/13 15:53:53 | 000,000,000 | ---D | M]
[2011/12/13 15:59:42 | 000,000,000 | ---D | M] (Retrogamer) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\2zffxtbr@Retrogamer_2z.com
[2011/12/13 16:46:34 | 000,010,001 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\searchplugins\Retrogamer_2z.xml
O2 - BHO: (Search Assistant BHO) - {6ffed9d8-942f-4384-aa29-d3bd083a346a} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Retrogamer) - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll (MindSpark)
O4 - HKLM..\Run: [Retrogamer Search Scope Monitor] C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [Retrogamer_2z Browser Plugin Loader] C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe (VER_COMPANY_NAME)
O37 - HKCU\...exe [@ = 61d] -- "C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "%1" %* (Microsoft Corporation)
[2011/12/30 12:20:06 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe
[2011/12/13 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2z
[2011/12/13 15:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2zEI
[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:59:09 | 000,018,462 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2010/04/13 22:23:35 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2886491261
[2010/04/13 22:23:34 | 000,013,680 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\2886491261
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\7SkRgtbX5FlAM
[2010/04/13 21:51:51 | 000,013,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.



2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click No.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image



In your next reply
Please post the contents of...
OTL log
aswMBR log
  • 0

#3
cervada
Posted 01 January 2012 - 02:49 PM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Happy New Year BlackOxide! And thank you for your help!! So far so good. I've followed your instructions and below are the logs from OTL & aswMBR. Looking forward to the next steps.

David Cervantes
Spring, TX

OTL Log
All processes killed
========== OTL ==========
Service Retrogamer_2zService stopped successfully!
Service Retrogamer_2zService deleted successfully!
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbarsvc.exe moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin not found.
C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\2zffxtbr@Retrogamer_2z.com\chrome folder moved successfully.
C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\2zffxtbr@Retrogamer_2z.com folder moved successfully.
C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\searchplugins\Retrogamer_2z.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffed9d8-942f-4384-aa29-d3bd083a346a}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrcAs.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{54ba686e-738f-42fe-badd-d8cb7cfbc07e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54ba686e-738f-42fe-badd-d8cb7cfbc07e}\ deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Retrogamer Search Scope Monitor deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zSrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Retrogamer_2z Browser Plugin Loader deleted successfully.
C:\Program Files\Retrogamer_2z\bar\1.bin\2zbrmon.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\61d\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe moved successfully.
C:\Program Files\Retrogamer_2z\Retrogamer_2z\Cache folder moved successfully.
C:\Program Files\Retrogamer_2z\Retrogamer_2z folder moved successfully.
C:\Program Files\Retrogamer_2zEI\Installr\1.bin\chrome folder moved successfully.
C:\Program Files\Retrogamer_2zEI\Installr\1.bin folder moved successfully.
C:\Program Files\Retrogamer_2zEI\Installr folder moved successfully.
C:\Program Files\Retrogamer_2zEI folder moved successfully.
C:\Documents and Settings\David Cervantes\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q moved successfully.
C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q moved successfully.
C:\Documents and Settings\All Users\Application Data\2886491261 moved successfully.
C:\Documents and Settings\David Cervantes\Local Settings\Application Data\2886491261 moved successfully.
C:\Documents and Settings\David Cervantes\Local Settings\Application Data\7SkRgtbX5FlAM moved successfully.
C:\Documents and Settings\All Users\Application Data\7SkRgtbX5FlAM moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David Cervantes\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David Cervantes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: David Cervantes
->Temp folder emptied: 85126901 bytes
->Temporary Internet Files folder emptied: 4176506 bytes
->Java cache emptied: 10618896 bytes
->FireFox cache emptied: 42761393 bytes
->Flash cache emptied: 72504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3611136 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4526253 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144.00 mb


[EMPTYFLASH]

User: All Users

User: David Cervantes
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01012012_135506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswMBR log
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-01 14:25:18
-----------------------------
14:25:18.453 OS Version: Windows 5.1.2600 Service Pack 3
14:25:18.453 Number of processors: 2 586 0x209
14:25:18.453 ComputerName: DAVID-7D5AEA3F6 UserName: David Cervantes
14:25:20.671 Initialize success
14:25:29.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:25:29.343 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305244MB BusType: 3
14:25:29.375 Disk 0 MBR read successfully
14:25:29.375 Disk 0 MBR scan
14:25:29.375 Disk 0 Windows XP default MBR code
14:25:29.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
14:25:29.375 Disk 0 scanning sectors +625121280
14:25:29.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:25:34.796 Service scanning
14:25:35.828 Modules scanning
14:25:40.828 Disk 0 trace - called modules:
14:25:40.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:25:40.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5a3ab8]
14:25:40.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a605f18]
14:25:40.859 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5b2940]
14:25:40.859 Scan finished successfully
14:26:58.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Cervantes\Desktop\MBR.dat"
14:26:58.031 The log file has been saved successfully to "C:\Documents and Settings\David Cervantes\Desktop\aswMBR log 01.01.12.txt"
  • 0

#4
BlackOxide
Posted 01 January 2012 - 03:59 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
You're welcome and Happy New Year to you as well!

Lets now have a look to see if any items are still lurking around...


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.



In your next reply
Please post the contents of...
OTL log
MBAM log
  • 0

#5
cervada
Posted 01 January 2012 - 05:27 PM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Again, so far so good! No more pop ups from XP Home Security 2012. There is a Windows Security Alert in the taskbar that open up Windows Security Center which shows that the Firewall is not monitored, but that's all. Below are the logs for OTL and MBAM.

David Cervantes
Spring, TX

OTL
OTL logfile created on: 1/1/2012 4:36:09 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David Cervantes\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.09% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 228.83 Gb Free Space | 76.77% Space Free | Partition Type: NTFS

Computer Name: DAVID-7D5AEA3F6 | User Name: David Cervantes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 17:05:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Cervantes\Desktop\OTL.scr
PRC - [2011/12/16 05:28:30 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/06 14:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 13:59:07 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/01 13:59:07 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/12 09:47:39 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/06 22:05:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/06 22:05:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/04/01 14:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 14:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/12 09:47:42 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/17 19:36:33 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 13:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 22:03:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/06 22:03:39 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/08 15:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 15:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/04/15 09:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2002/04/15 09:50:00 | 000,040,750 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2002/04/15 09:50:00 | 000,023,328 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/04/15 09:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lkbdflt2.sys -- (LKbdFlt2)
DRV - [2001/11/08 07:53:54 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001/10/28 12:34:46 | 000,153,760 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/08/17 12:12:02 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\D100IB5.SYS -- (D100IB)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.154
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:10&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2z\bar\1.bin\NP2zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 09:22:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/12 09:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2zffxtbr@Retrogamer_2z.com: C:\Program Files\Retrogamer_2z\bar\1.bin [2012/01/01 13:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 12:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 22:07:27 | 000,000,000 | ---D | M]

[2010/01/10 10:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Extensions
[2011/12/19 21:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions
[2011/07/20 14:10:26 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/21 18:41:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/07 15:47:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/04/11 19:33:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/17 21:07:01 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\[email protected]
[2011/09/18 22:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Cervantes\Application Data\Mozilla\Firefox\Profiles\w3zg6lsw.default\extensions\nostmp
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/19 19:41:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/13 15:54:09 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/01/01 13:55:20 | 000,000,000 | ---D | M] (Retrogamer) -- C:\PROGRAM FILES\RETROGAMER_2Z\BAR\1.BIN
[2011/11/12 12:08:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/29 17:39:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/12/12 09:47:39 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/09/02 17:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 12:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/01 13:55:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\David Cervantes\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.retro...2D&n=2011121316 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} https://www.worldgif...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595A9747-89A8-49CF-B478-CB9AFB31601A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 19:09:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{50cf2954-eb95-11df-bf51-806d6172696f}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2011/07/14 06:21:10 | 000,108,032 | ---- | M] ()
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{660a1db9-5f19-11e0-b609-009047029026}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{a1e8fab3-0274-11e0-9c8c-009047029026}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe
O33 - MountPoints2\{a8b8d6d6-1001-11e0-9cab-009047029026}\Shell\AutoRun\command - "" = L:\PMBP_Win.exe
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell - "" = AutoRun
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68affa4-2ff4-11e1-b76a-009047029026}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 14:24:50 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David Cervantes\Desktop\aswMBR.exe
[2012/01/01 13:55:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/01 13:54:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Cervantes\Desktop\OTL.scr
[2011/12/29 17:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/29 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/26 15:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Intelli-studio
[2011/12/26 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/26 13:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/12/26 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/12/26 12:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Gabby
[2011/12/25 18:49:48 | 000,129,875 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\mr97310c.sys
[2011/12/25 18:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Start Menu\Programs\MY CAMERA
[2011/12/25 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mars
[2011/12/23 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/22 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\ZPS13
[2011/12/22 23:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner
[2011/12/22 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\Zoner
[2011/12/21 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2011/12/13 15:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\PlaySega
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2011/12/13 15:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/12/13 15:54:13 | 000,819,200 | ---- | C] (Metaboli) -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.ocx
[2011/12/13 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Retrogamer_2z
[2011/12/12 09:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/12 09:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 09:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/05 15:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Cervantes\My Documents\Van payments
[2011/01/12 17:36:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.sys
[2010/03/27 12:32:47 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

========== Files - Modified Within 30 Days ==========

[2012/01/01 14:26:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Desktop\MBR.dat
[2012/01/01 14:22:54 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David Cervantes\Desktop\aswMBR.exe
[2012/01/01 13:58:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/01 13:57:45 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/01/01 13:57:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/01 13:55:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/01 13:29:49 | 141,958,547 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/30 17:05:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Cervantes\Desktop\OTL.scr
[2011/12/28 17:47:44 | 000,210,034 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/26 19:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 15:50:56 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:07:16 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/26 13:03:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/26 13:03:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/26 13:03:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/26 13:01:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/26 13:00:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:55:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:45 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/22 09:22:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:01 | 000,026,395 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:02 | 009,987,136 | ---- | M] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/14 10:27:48 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/09 17:24:02 | 000,214,298 | ---- | M] () -- C:\VoiceMessage.wav
[2011/12/08 11:41:52 | 000,000,073 | ---- | M] () -- C:\WINDOWS\booktracker.ini

========== Files Created - No Company Name ==========

[2012/01/01 14:26:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Desktop\MBR.dat
[2011/12/27 22:40:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 13:00:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/12/25 18:50:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2011/12/25 18:49:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2011/12/25 18:49:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2011/12/25 18:49:45 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Desktop\MY CAMERA.lnk
[2011/12/15 22:50:03 | 000,034,500 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 5.JPG
[2011/12/15 22:48:44 | 000,019,724 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 4.JPG
[2011/12/15 22:47:19 | 000,035,493 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 3.JPG
[2011/12/15 22:37:24 | 000,023,231 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2.JPG
[2011/12/15 22:35:03 | 000,031,764 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.JPG
[2011/12/15 22:34:56 | 000,798,622 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Christmas 2011.bmp
[2011/12/15 22:32:00 | 000,026,395 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.JPG
[2011/12/15 22:31:09 | 000,658,998 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella1.bmp
[2011/12/15 22:28:53 | 000,025,323 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\Bella.JPG
[2011/12/14 12:03:35 | 005,375,882 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016-06 Durango.pdf
[2011/12/14 12:03:01 | 009,987,136 | ---- | C] () -- C:\Documents and Settings\David Cervantes\My Documents\1-AP016 Durango_2005.pdf
[2011/12/13 15:54:13 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\GameTapWebPlayer_4_4_0_7.inf
[2011/12/09 18:44:58 | 000,214,298 | ---- | C] () -- C:\VoiceMessage.wav
[2011/08/21 18:54:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\booktracker.ini
[2011/07/12 15:19:26 | 000,000,218 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/02/05 20:00:51 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/02/05 20:00:51 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/02/05 20:00:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/05 20:00:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/05 20:00:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/02/03 18:03:53 | 000,022,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/12 17:36:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\inst.exe
[2011/01/12 17:36:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.cat
[2011/01/12 17:36:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Application Data\pcouffin.inf
[2010/07/27 11:22:40 | 000,000,942 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/06/26 22:40:09 | 000,080,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/27 12:48:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2010/01/10 21:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2010/01/10 21:13:29 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2010/01/10 19:12:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 19:06:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/10 17:59:52 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\David Cervantes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/10 17:45:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/10 17:24:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/01/10 11:52:37 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/10 10:35:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/09 23:27:57 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/09 18:52:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/09 18:49:17 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/01 00:31:10 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/01 00:31:08 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/01 00:31:08 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/08/06 22:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/12/12 14:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010/11/03 14:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/19 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 17:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/10 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/03/02 20:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/19 17:54:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/13 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2010/06/16 17:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2010/12/28 11:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/10/02 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/22 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/03 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/19 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\AVG10
[2010/01/10 17:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Canneverbe_Limited
[2010/09/18 19:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\CloneSpy
[2010/01/10 20:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\DeviceDoctorSoftware
[2010/05/29 21:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\FinalMediaPlayer
[2010/04/03 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\flightgear.org
[2010/04/05 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\fltk.org
[2010/01/13 18:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit
[2010/03/06 09:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Foxit Software
[2010/08/04 21:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\gtk-2.0
[2010/06/16 17:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\IBMERS
[2011/03/02 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ICAClient
[2011/12/21 18:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\JCP
[2010/01/10 11:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\KeePass
[2010/10/19 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Pdfsvg
[2011/12/07 23:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\ReGet Software
[2010/03/10 12:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\School Zone Preferences
[2011/07/20 14:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Sony Online Entertainment
[2011/06/23 20:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\TagScanner
[2010/12/14 15:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Unity
[2011/01/12 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Vso
[2011/12/27 20:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Cervantes\Application Data\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 4 bytes -> C:\WINDOWS\win.ini:s1

< End of report >


MBAN
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David Cervantes :: DAVID-7D5AEA3F6 [administrator]

1/1/2012 4:55:31 PM
mbam-log-2012-01-01 (16-55-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 161478
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\David Cervantes\Local Settings\Application Data\ryl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
BlackOxide
Posted 02 January 2012 - 06:39 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looking much better now :)

Lets take a look at your Firewall and Security.


Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#7
cervada
Posted 02 January 2012 - 09:12 AM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Looking better and running much better, thanks! Below is the report for Security Check.

David Cervantes
Spring, TX


Security Check Log:
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
SpywareGuard v2.2
SUPERAntiSpyware
Windows Defender
CCleaner
Duplicate Cleaner 1.4.5
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox 8.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
  • 0

#8
BlackOxide
Posted 02 January 2012 - 10:17 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:thumbsup:

Lets update a few programs on your PC to their latest versions.


1)
Update Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

2)
Update Firefox
  • Click Help at the top (or the orange Firefox button if it is visible), then in the Help submenu click About Firefox
  • It will automatically check for updates
  • Click the Apply Update button when it is visible
  • Firefox will now update itself to the latest verision


Can you tell me what AVG product you have installed. For example, AVG Free, AVG Internet Security etc?
  • 0

#9
cervada
Posted 02 January 2012 - 11:56 AM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Updates run on both Java and Firefox. Currently, I have AVG Free installed, but will probably purchase upgrade.

David Cervantes
Spring, TX
  • 0

#10
BlackOxide
Posted 02 January 2012 - 01:24 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, we'll update AVG to it's latest version which is 2012 and rectify the Firewall message if it is still being displayed.

Let me know how you get on with the steps below and whether after doing them, the Firewall message has now disappeared.


1)
Upgrade AVG Free
  • Click here to download the installer for AVG Free 2012
  • Once downloaded, double click on the installer and follow the onscreen prompts to install it
  • This will automatically remove 2011 and install 2012


2)
Turn On Windows Firewall (Windows XP)
  • Click Start, click Run, type Firewall.cpl and then click OK
  • On the General tab, click On (recommended)
  • Click OK
  • Windows Firewall should now be switched on.

  • 0

Advertisements

#11
cervada
Posted 02 January 2012 - 02:18 PM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Everything is still looking good. I updated to AVG Free 2012 and turned on the firewall. The Windows Security Alert notification in the taskbar is still there and when opened it shows the firewall indicator On and the Automatic Updates Off. Nothing else looks out of the ordinary.

David Cervantes
Spring, TX
  • 0

#12
BlackOxide
Posted 02 January 2012 - 04:04 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
That's good, lets now get the Updates sorted. Hopefully the utility below will do that for us :)


Windows XP Automatic Updates
  • Click here to download the Fixit utility from Microsoft
  • Double click on the downloaded file and follow the onscreen prompts to run it
  • If the Windows Security Center message is still visible, please reboot your PC

  • 0

#13
cervada
Posted 02 January 2012 - 04:49 PM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I ran the Fixit to sort Windows XP Automatic Updates, but the Windows Security Alert message is still visible even after rebooting the PC a couple of times. When I click on the message in the task bar and it open the Windows Security Center it still shows that Automatic Updates is turned off, however, when I navigate to the Automatic Updates settings window it shows that they are on Automatic. Not sure why the message is still showing up in the task bar. FYI, when I updated AVG I opted for the free 30 day trial of AVG Internet Security 2012.

David Cervantes
Spring, TX
  • 0

#14
BlackOxide
Posted 02 January 2012 - 06:04 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok no worries. Let's see if we can get it reading the correct state of Windows Update. Try the following for me please...

Click Start, then click Run.
In the Run dialogue box type regsvr32 wuaueng.dll and then click OK
Reboot the PC and check to see if the Security Center warning is still present.


That's fine with the AVG. Always a good idea to have a go with Trial version before purchasing :)
  • 0

#15
cervada
Posted 02 January 2012 - 06:17 PM

cervada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
That seems to have done the trick. The message in the taskbar is gone and everything looks normal. I can't thank you enough!

David Cervantes
Spring, TX
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP