PSW.Generic9.RDX [Closed]


  • This topic is locked

#1
KAM_MAN

  • Member
  • 15 posts
Hello

I keep getting this warning alert from AVG saying that a virus has been found ("Trojan horse PSW.Generic9.RDX"). I click heal but it does not work; it keeps coming back. I have tried fixing it through AVG and Malwarebytes; it's still there. I can't delete it as the system won't let me.

Thanks in advance to anyone that can help

Thanks

Kam


#2
Amlak

  • Member
  • 1,470 posts
Welcome to GTG. Let's help you out with your malware issue(s).

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.


Step 1

Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Step 2

Download OTL.exe from here and save it to the Desktop.

Run OTL.
  • Click the Quick Scan button at the top.
  • When done, post the content of the resultant log in your next reply.


#3
KAM_MAN

  • Topic Starter
  • Member
  • 15 posts
Amlak

Thank you for a fast response, please see attached logs for the scans you asked me to run.
I look forward to your response
thanks
Kam

Attached File  aswMBR.txt   2.15KB   34 downloads
Attached File  OTL.Txt   97.73KB   25 downloads

#4
Amlak

  • Member
  • 1,470 posts
Could you please paste the requested contents directly in your posts from now on rather than as attached logs? Would make things easier for me to read. Thanks in advance.

Go to My Documents\Downloads and open Extras.txt file to paste in its contents in your next reply.


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O33 - MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = F:\lhylec9x.cmd
    O33 - MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = F:\lhylec9x.cmd
    O33 - MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = G:\lhylec9x.cmd
    O33 - MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = G:\lhylec9x.cmd
    O33 - MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = H:\lhylec9x.cmd
    O33 - MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = H:\lhylec9x.cmd
    O33 - MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\Shell\AutoRun\command - "" = E:\DWizard615.exe
    O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    
    :COMMANDS
    [emptytemp]
    
  • Click the Run Fix button at the top.
  • When done, post the content of the resultant log in your next reply.


Step 2

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click Check for Updates.
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on the Scan button.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Make sure all items are checked and click on Remove Selected.
  • If asked to restart the computer, please do so immediately.
  • Post the contents of the resultant log in your next reply. You can access the log in the Logs tab.


Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    c:\dxgthk.sys /s /md5
    
  • Click the Run Scan button at the top.
  • Make sure you post the log it produces in your next reply.


#5
KAM_MAN

  • Topic Starter
  • Member
  • 15 posts
Amlak

Please see attached logs for the scans you asked me to run. I hope I have correctly done what you asked. If I have failed to understand, please let me know.
I look forward to your response


OTL Extras logfile created on: 10/01/2012 00:11:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.27% Memory free
3.83 Gb Paging File | 3.14 Gb Available in Paging File | 81.97% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 41.38 Gb Free Space | 35.54% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.29 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Computer Name: YOUR-2XX4MKUBCK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Kin_X\Ares\Ares.exe" = F:\Kin_X\Ares\Ares.exe:*:Disabled:Ares p2p for windows
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Disabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager
"C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe" = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe:*:Enabled:Audible Download Manager -- (Audible, Inc.)
"C:\Program Files\Audible\Bin\Manager.exe" = C:\Program Files\Audible\Bin\Manager.exe:*:Enabled:AudibleManager -- (Audible Inc.)
"C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe" = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe:*:Enabled: SuperHybridEngine -- (ASUSTeK Computer Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & Officejet 5.3.B Corporate Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C549017A-FFAB-4679-9112-26E83DD82DB5}" = Enterprise
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Print Software" = ALDI Print Software
"Any Video Converter_is1" = Any Video Converter 3.2.2
"AudibleManager" = AudibleManager
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Garden Planner_is1" = Garden Planner 2.5
"GENEUIDE" = USB Storage Driver
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SmartDraw VP" = SmartDraw VP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VLC media player" = VLC media player 1.1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"GoToAssist Express Expert" = GoToAssist Expert 1.6.0.309

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f67-a570-11df-af13-002618779e1b}\ not found.
File F:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f67-a570-11df-af13-002618779e1b}\ not found.
File F:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f68-a570-11df-af13-002618779e1b}\ not found.
File G:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f68-a570-11df-af13-002618779e1b}\ not found.
File G:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f69-a570-11df-af13-002618779e1b}\ not found.
File H:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401b1f69-a570-11df-af13-002618779e1b}\ not found.
File H:\lhylec9x.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d432-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d432-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d432-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d432-05f4-11e1-b216-002618779e1b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d435-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d435-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fd9d435-05f4-11e1-b216-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fd9d435-05f4-11e1-b216-002618779e1b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e77898-1e99-11e0-b053-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e77898-1e99-11e0-b053-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e77898-1e99-11e0-b053-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e77898-1e99-11e0-b053-002618779e1b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a266c8c2-3047-11e1-b280-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a266c8c2-3047-11e1-b280-002618779e1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a266c8c2-3047-11e1-b280-002618779e1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a266c8c2-3047-11e1-b280-002618779e1b}\ not found.
File E:\DWizard615.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7cf2138-863c-11de-bb57-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7cf2138-863c-11de-bb57-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7cf2138-863c-11de-bb57-806d6172696f}\ not found.
File E:\setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2052728 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1980168 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 451841660 bytes
->Temporary Internet Files folder emptied: 5950366 bytes
->Java cache emptied: 6338145 bytes
->FireFox cache emptied: 200470533 bytes
->Google Chrome cache emptied: 35953536 bytes
->Flash cache emptied: 151000 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1459119 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89995071 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26936568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 785.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_222618

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_878.dat not found!
File move failed. C:\WINDOWS\temp\4a2bc6c6 scheduled to be moved on reboot.
C:\WINDOWS\temp\a68bf3f6 moved successfully.
File move failed. C:\WINDOWS\temp\cb816b1a scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\cfdc5971 scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_1f4.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_f88.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-2XX4MKUBCK [administrator]

10/01/2012 22:48:59
mbam-log-2012-01-10 (22-48-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189357
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 10/01/2012 23:10:00 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.99% Memory free
3.83 Gb Paging File | 3.05 Gb Available in Paging File | 79.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 42.62 Gb Free Space | 36.60% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.29 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Computer Name: YOUR-2XX4MKUBCK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 00:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2012/01/09 00:59:36 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/09 00:59:33 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/08 10:31:15 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/02 23:36:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/06 15:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/16 06:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/06/06 01:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/12 22:18:01 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009/10/06 10:06:44 | 002,147,656 | ---- | M] (Audible Inc.) -- C:\Program Files\Audible\Bin\Manager.exe
PRC - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/10/14 17:03:50 | 001,880,639 | ---- | M] (ICQ Inc.) -- C:\Program Files\ICQ\Icq.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 00:59:54 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/01/09 00:59:50 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2012/01/08 10:31:15 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/02 23:36:15 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/16 06:55:10 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/08/24 16:28:27 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/10/14 16:57:08 | 000,163,907 | ---- | M] () -- C:\Program Files\ICQ\ICQPlug.dll
MOD - [2003/10/14 16:48:48 | 000,053,856 | ---- | M] () -- C:\Program Files\ICQ\ICQSMSST.dll
MOD - [2003/10/14 16:43:08 | 000,110,181 | ---- | M] () -- C:\Program Files\ICQ\ICQRndP.dll
MOD - [2003/10/14 16:40:30 | 000,461,931 | ---- | M] () -- C:\Program Files\ICQ\ICQCool.dll
MOD - [2003/10/14 16:39:00 | 000,052,316 | ---- | M] () -- C:\Program Files\ICQ\ICQTsLib.dll
MOD - [2003/10/14 16:37:22 | 000,037,977 | ---- | M] () -- C:\Program Files\ICQ\ICQTicker.dll
MOD - [2003/10/14 16:32:48 | 000,061,030 | ---- | M] () -- C:\Program Files\ICQ\ICQConLb.dll
MOD - [2003/10/14 16:30:54 | 000,155,229 | ---- | M] () -- C:\Program Files\ICQ\ICQDBService.dll
MOD - [2003/10/14 16:30:24 | 000,198,739 | ---- | M] () -- C:\Program Files\ICQ\ICQProLib.dll
MOD - [2003/10/14 16:28:44 | 000,078,928 | ---- | M] () -- C:\Program Files\ICQ\ICQFTLib.dll
MOD - [2003/10/14 16:26:46 | 000,123,481 | ---- | M] () -- C:\Program Files\ICQ\ICQSmartDll.dll
MOD - [2003/10/14 16:26:28 | 000,458,333 | ---- | M] () -- C:\Program Files\ICQ\icquiex.dll
MOD - [2003/10/14 16:24:22 | 000,037,980 | ---- | M] () -- C:\Program Files\ICQ\ICQSkinUtils.dll
MOD - [2003/10/14 16:24:06 | 000,055,385 | ---- | M] () -- C:\Program Files\ICQ\icqsock.dll
MOD - [2003/10/14 16:21:10 | 000,052,303 | ---- | M] () -- C:\Program Files\ICQ\icqwcom.dll
MOD - [2003/10/14 16:20:42 | 000,136,271 | ---- | M] () -- C:\Program Files\ICQ\icqwutl.dll
MOD - [2003/10/14 16:19:50 | 000,061,519 | ---- | M] () -- C:\Program Files\ICQ\icqcutl.dll
MOD - [2003/10/14 16:19:26 | 000,032,841 | ---- | M] () -- C:\Program Files\ICQ\icqrt.dll
MOD - [2003/05/05 14:03:10 | 000,380,928 | ---- | M] () -- C:\Program Files\ICQ\actskin4.ocx
MOD - [2001/05/17 12:51:54 | 000,053,248 | ---- | M] () -- C:\Program Files\ICQ\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (scan)
SRV - File not found [Auto | Stopped] -- -- (RadialpointIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/09 00:59:33 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/06 15:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 15:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/06 15:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/02/09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/09/29 17:18:30 | 005,920,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/11 01:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/03/14 06:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 23:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 05:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/27 15:39:18 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)
DRV - [2008/11/19 08:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 22:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.bbc.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..keyword.URL: "http://badoo.com/sta...?source=bsb&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/08 10:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.23\ [2012/01/08 10:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 23:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 23:56:01 | 000,000,000 | ---D | M]

[2010/08/23 22:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/01/08 11:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions
[2010/09/26 14:20:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/09/26 20:44:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/25 21:18:33 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2012/01/08 11:12:06 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\[email protected]
[2011/09/25 21:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/25 21:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/07/11 19:52:21 | 000,002,023 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\searchplugins\badoo.xml
[2011/11/23 21:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 20:53:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/02 23:36:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/02 23:36:11 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/08 10:31:14 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/02 23:36:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/02 23:36:11 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/02 23:36:11 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/02 23:36:11 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19DF10F-A223-45C0-B25F-A715E9D2B938}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/16 12:12:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 22:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/08 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/01/08 11:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2012/01/08 11:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2012/01/08 10:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2012/01/08 10:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/01/08 10:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2012/01/08 10:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/08 10:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/08 10:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/08 10:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/08 10:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/08 09:46:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/08 09:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/01/08 09:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/08 00:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/08 00:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2012/01/08 00:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2012/01/06 00:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/06 00:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/04 23:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/04 23:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/27 11:33:08 | 000,000,000 | ---D | C] -- C:\nero
[2011/12/27 11:27:48 | 000,036,864 | R--- | C] (General) -- C:\WINDOWS\System32\usbmonit.exe
[2011/12/27 11:27:46 | 000,021,916 | R--- | C] (General) -- C:\WINDOWS\System32\drivers\geneuide.sys
[2011/12/18 13:21:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/12/17 12:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nuance
[2011/12/17 11:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking 11.5
[2011/12/17 11:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IVA
[2011/12/17 11:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2011/12/17 11:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2011/12/17 11:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/12/17 09:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
[2011/12/16 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nuance(2)
[2011/12/16 20:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FLEXnet
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance(2)
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance(2)
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/12 07:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 07:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/01/10 23:11:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/10 23:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1396501628-957317575-3343094678-1003UA.job
[2012/01/10 22:35:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/10 22:34:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2012/01/10 22:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 21:03:34 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2007.lnk
[2012/01/10 04:06:29 | 086,385,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/10 04:05:29 | 000,046,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/10 01:06:27 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/10 00:08:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/01/08 22:12:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 19:54:01 | 000,206,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120108_195343.reg
[2012/01/08 19:06:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 18:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1396501628-957317575-3343094678-1003Core.job
[2012/01/08 13:21:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100825132120.job
[2012/01/08 10:31:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/08 00:27:10 | 000,000,438 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012/01/07 03:55:55 | 000,346,610 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/07 03:55:29 | 000,172,645 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/06 22:32:26 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/06 22:02:47 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 00:46:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/03 23:25:13 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/01/03 20:42:27 | 000,009,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120103_204215.reg
[2012/01/02 17:00:54 | 000,467,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 17:00:54 | 000,081,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/01 02:58:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/01 02:58:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/30 18:36:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/29 21:09:17 | 000,267,228 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20111229_210905.reg
[2011/12/29 18:22:08 | 000,004,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Speedtest.net - The Global Broadband Speed Test.htm
[2011/12/26 18:55:04 | 000,003,118 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SAS7_000.DAT
[2011/12/26 18:54:23 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk
[2011/12/26 13:27:57 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/17 10:45:54 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 10:15:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/01/10 04:06:29 | 086,385,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/10 04:05:29 | 000,046,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/10 00:08:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/01/08 21:25:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 19:53:50 | 000,206,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120108_195343.reg
[2012/01/08 11:12:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/08 10:31:30 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/08 10:29:53 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2012/01/08 00:22:20 | 000,000,438 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012/01/06 22:32:26 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/06 22:30:12 | 000,346,610 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/06 22:29:21 | 000,172,645 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/06 22:02:47 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 00:46:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/03 20:42:22 | 000,009,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120103_204215.reg
[2011/12/29 21:09:08 | 000,267,228 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20111229_210905.reg
[2011/12/29 18:22:03 | 000,004,119 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Speedtest.net - The Global Broadband Speed Test.htm
[2011/12/27 11:27:48 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2011/12/27 11:27:48 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2011/12/17 11:44:32 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk
[2011/11/30 22:04:38 | 000,076,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/08 21:37:11 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/10/06 22:46:55 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/10/01 21:46:11 | 000,003,118 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SAS7_000.DAT
[2011/04/24 01:59:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/24 01:59:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/11 21:03:51 | 000,000,182 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2010/11/16 22:52:05 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ini.xml
[2010/09/23 13:49:52 | 000,105,619 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/09/23 13:49:51 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/09/11 14:06:13 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/09/05 12:16:08 | 000,137,313 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/04 17:27:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/25 19:40:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/08/23 23:10:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/23 22:22:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/23 21:28:04 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 21:25:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 17:47:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/20 12:24:12 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/08/12 08:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 07:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 07:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 07:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 19:42:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009/08/11 19:42:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009/08/11 19:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 19:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 19:01:03 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/11 19:01:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/11 18:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 13:18:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/11 13:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/11 13:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/08/11 13:03:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/11 13:03:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/11 13:03:14 | 000,467,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/11 13:03:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/11 13:03:14 | 000,081,072 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/11 13:03:14 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/11 13:03:14 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/11 13:03:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/11 13:03:11 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/11 13:03:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/11 13:03:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/11 13:03:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/11 06:10:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/11 06:09:40 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< c:\dxgthk.sys /s /md5 >
[2008/04/14 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- c:\WINDOWS\system32\dllcache\dxgthk.sys
[2008/04/14 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- c:\WINDOWS\system32\drivers\dxgthk.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >




thanks
Kam
  • 0

#6
Amlak

Please do a full scan with AVG and post the contents of the scan report here once done.

Let me know if you need help figuring out how to retrieve the report.
  • 0

#7
KAM_MAN

  • Topic Starter
Amlak
Please let me know how to retrieve scan report.
I look forward to your response
thanks
Kam
  • 0

#8
Amlak

Ok, I'll check it out soon. In the meantime, that virus alert you keep getting, does it mention the filename itself? If so, please state it here the next time you get the alert.
  • 0

#9
Amlak

1. Open the AVG Program.
2. On the History menu, click Scan results.
3. Double-click the scan result you want to export (a recent scan where malicious code was detected - it will have a blue or red icon).
4. Switch to the Details tab, if using AVG 2012.
5. Click the Export overview to file... blue text.
6. Type a name for the file and save it to your computer (we recommend saving it to your Desktop).
7. Right-click on the newly created file and click Edit.
8. Paste the contents here in your next reply.
  • 0

#10
KAM_MAN

  • Topic Starter
Amlak

Please see the error message I get running AVG and the results from the scan. If you need more info please let me know

thanks
Kam




avg message


"";"C:\WINDOWS\system32\services.exe (1056):\memory_01240000";"Trojan horse PSW.Generic9.RDX";"Infected"
"";"C:\WINDOWS\system32\services.exe (1056)";"Trojan horse PSW.Generic9.RDX";"Deleted"



avg report

"Scan ""Whole computer scan"" completed."
"Infections";"2";"1";"1"
"Warnings";"8";"6";"2"
"Information";"2"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"12 January 2012, 00:58:12"
"Scan finished:";"12 January 2012, 01:18:15 (20 minute(s) 3 second(s))"
"Total object scanned:";"859567"
"User who launched the scan:";"Owner"

"Infections"
"";"File";"Infection";"Result"
"";"C:\WINDOWS\system32\services.exe (1056):\memory_01240000";"Trojan horse PSW.Generic9.RDX";"Infected"
"";"C:\WINDOWS\system32\services.exe (1056)";"Trojan horse PSW.Generic9.RDX";"Deleted"

"Warnings"
"";"File";"Infection";"Result"
"";"C:\Documents and Settings\Owner\My Documents\Downloads\WindowsXP-KB936929-SP3-x86-ENU(7).exe.part";"Corrupted executable file";"Potentially dangerous object"
"";"C:\Documents and Settings\Owner\My Documents\Downloads\WindowsXP-KB936929-SP3-x86-ENU(6).exe.part";"Corrupted executable file";"Potentially dangerous object"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt";"Found Tracking cookie.Yieldmanager";"Healed"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"

"Information"
"";"File";"Information";"Result"
"";"C:\Documents and Settings\Owner\My Documents\Downloads\GoogleSketchUpWEN.exe";"The file is signed with a broken digital signature, issued by: Google Inc.";""
"";"C:\Documents and Settings\Owner\Desktop\Registry Mechanic\RegMech.exe";"The file is signed with a broken digital signature, issued by: PC Tools.";""
  • 0


#11
Amlak

Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
    
  • Click the Run Fix button at the top.
  • When done, post the content of the resultant log in your next reply.


Step 2

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click Check for Updates.
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on the Scan button.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Make sure all items are checked and click on Remove Selected.
  • If asked to restart the computer, please do so immediately.
  • Post the contents of the resultant log in your next reply. You can access the log in the Logs tab.


Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    c:\services.exe /s /md5
    
  • Click the Run Scan button at the top.
  • Make sure you post the log it produces in your next reply.

  • 0
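
The steps above act on two observations from the posted logs: AVG reports PSW.Generic9.RDX inside the memory of services.exe, and OTL lists an alternate data stream on that same file. The following is an added example, not part of the original thread and not code from OTL or AVG, that parses both log formats and lines the entries up by host file; the function names are hypothetical, and the sample input is copied from the log lines posted in this thread.

```python
import csv
import io
import re

# Sample input: rows copied from the AVG export posted in this thread.
AVG_EXPORT = r'''"Scan ""Whole computer scan"" completed."
"Infections"
"";"File";"Infection";"Result"
"";"C:\WINDOWS\system32\services.exe (1056):\memory_01240000";"Trojan horse PSW.Generic9.RDX";"Infected"
"";"C:\WINDOWS\system32\services.exe (1056)";"Trojan horse PSW.Generic9.RDX";"Deleted"

"Warnings"
"";"File";"Infection";"Result"
"";"C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\CPP5WTLP.txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
'''

# Sample input: the "Alternate Data Streams" section of the OTL log in this thread.
OTL_ADS = r'''@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
'''

# "<path> (<pid>):\<inner object>", where the pid and inner parts are optional.
OBJECT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)(?: \((?P<pid>\d+)\))?(?::\\(?P<inner>.+))?$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')


def parse_avg_export(text):
    """Return one dict per detection row of a semicolon-separated AVG export."""
    detections, section = [], None
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) == 1:                 # a lone field is a section title
            section = row[0]
            continue
        # Data rows have four fields, an empty first one, and are not the header.
        if len(row) != 4 or row[0] != "" or row[1] == "File":
            continue
        m = OBJECT_RE.match(row[1])
        if not m:
            continue
        detections.append({
            "section": section,
            "path": m.group("path"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "inner": m.group("inner"),
            "name": row[2],
            "result": row[3],
        })
    return detections


def parse_otl_ads(text):
    """Split each OTL ADS line into host file, stream name and size."""
    streams = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        # Skip the drive colon, then the last colon separates file and stream.
        host, _, stream = target[2:].rpartition(":")
        streams.append({"host": target[:2] + host, "stream": stream,
                        "size": int(m.group("size"))})
    return streams


def correlate(detections, streams):
    """For each stream, list AV detections on the same host file.

    Windows paths are compared case-insensitively (system32 vs System32).
    """
    findings = []
    for s in streams:
        hits = [d for d in detections if d["path"].lower() == s["host"].lower()]
        findings.append({
            "host": s["host"],
            "stream": s["stream"],
            "size": s["size"],
            "detections": sorted({d["name"] for d in hits}),
            "in_memory": any(d["pid"] is not None for d in hits),
            "unresolved": any(d["result"] == "Infected" for d in hits),
        })
    # Host files that also carry a detection come first.
    return sorted(findings, key=lambda f: not f["detections"])


if __name__ == "__main__":
    for f in correlate(parse_avg_export(AVG_EXPORT), parse_otl_ads(OTL_ADS)):
        print(f)
```

A match here only says that two tools point at the same file; the MD5 scan requested in Step 3 is what shows whether services.exe itself has been altered.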

#12
KAM_MAN

  • Topic Starter
Amlak

Thanks for your help so far, please see following results for scans/logs as requested.
Kam

========== OTL ==========
Unable to delete ADS C:\WINDOWS\System32\services.exe:SummaryInformation .

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_103603



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-2XX4MKUBCK [administrator]

14/01/2012 10:36:51
mbam-log-2012-01-14 (10-36-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191164
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 14/01/2012 10:56:03 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.01% Memory free
3.83 Gb Paging File | 2.74 Gb Available in Paging File | 71.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 43.42 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.29 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Computer Name: YOUR-2XX4MKUBCK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 00:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/01/09 00:59:36 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/09 00:59:33 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/08 10:31:15 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/02 23:36:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/06 15:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/16 06:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/06/06 01:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2011/01/12 22:18:01 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009/10/06 10:06:44 | 002,147,656 | ---- | M] (Audible Inc.) -- C:\Program Files\Audible\Bin\Manager.exe
PRC - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/10/14 17:03:50 | 001,880,639 | ---- | M] (ICQ Inc.) -- C:\Program Files\ICQ\Icq.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 00:59:54 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/01/09 00:59:50 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2012/01/08 10:31:15 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/06 00:47:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2012/01/02 23:36:15 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/16 06:55:10 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/11/12 18:52:46 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/08/24 16:28:27 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/29 06:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/10/26 04:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/27 14:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2003/10/14 16:57:08 | 000,163,907 | ---- | M] () -- C:\Program Files\ICQ\ICQPlug.dll
MOD - [2003/10/14 16:48:48 | 000,053,856 | ---- | M] () -- C:\Program Files\ICQ\ICQSMSST.dll
MOD - [2003/10/14 16:43:08 | 000,110,181 | ---- | M] () -- C:\Program Files\ICQ\ICQRndP.dll
MOD - [2003/10/14 16:40:30 | 000,461,931 | ---- | M] () -- C:\Program Files\ICQ\ICQCool.dll
MOD - [2003/10/14 16:39:00 | 000,052,316 | ---- | M] () -- C:\Program Files\ICQ\ICQTsLib.dll
MOD - [2003/10/14 16:37:22 | 000,037,977 | ---- | M] () -- C:\Program Files\ICQ\ICQTicker.dll
MOD - [2003/10/14 16:32:48 | 000,061,030 | ---- | M] () -- C:\Program Files\ICQ\ICQConLb.dll
MOD - [2003/10/14 16:30:54 | 000,155,229 | ---- | M] () -- C:\Program Files\ICQ\ICQDBService.dll
MOD - [2003/10/14 16:30:24 | 000,198,739 | ---- | M] () -- C:\Program Files\ICQ\ICQProLib.dll
MOD - [2003/10/14 16:28:44 | 000,078,928 | ---- | M] () -- C:\Program Files\ICQ\ICQFTLib.dll
MOD - [2003/10/14 16:26:46 | 000,123,481 | ---- | M] () -- C:\Program Files\ICQ\ICQSmartDll.dll
MOD - [2003/10/14 16:26:28 | 000,458,333 | ---- | M] () -- C:\Program Files\ICQ\icquiex.dll
MOD - [2003/10/14 16:24:22 | 000,037,980 | ---- | M] () -- C:\Program Files\ICQ\ICQSkinUtils.dll
MOD - [2003/10/14 16:24:06 | 000,055,385 | ---- | M] () -- C:\Program Files\ICQ\icqsock.dll
MOD - [2003/10/14 16:21:10 | 000,052,303 | ---- | M] () -- C:\Program Files\ICQ\icqwcom.dll
MOD - [2003/10/14 16:20:42 | 000,136,271 | ---- | M] () -- C:\Program Files\ICQ\icqwutl.dll
MOD - [2003/10/14 16:19:50 | 000,061,519 | ---- | M] () -- C:\Program Files\ICQ\icqcutl.dll
MOD - [2003/10/14 16:19:26 | 000,032,841 | ---- | M] () -- C:\Program Files\ICQ\icqrt.dll
MOD - [2003/05/05 14:03:10 | 000,380,928 | ---- | M] () -- C:\Program Files\ICQ\actskin4.ocx
MOD - [2001/05/17 12:51:54 | 000,053,248 | ---- | M] () -- C:\Program Files\ICQ\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (scan)
SRV - File not found [Auto | Stopped] -- -- (RadialpointIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/09 00:59:33 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/01/08 10:31:18 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/06 15:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 15:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2012/01/14 10:29:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/11 02:37:32 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\9577003drv.sys -- (9577003drv)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/06 15:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/02/09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/09/29 17:18:30 | 005,920,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/11 01:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/03/14 06:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 23:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 05:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/27 15:39:18 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)
DRV - [2008/11/19 08:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/10/09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 22:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.bbc.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..keyword.URL: "http://badoo.com/sta...?source=bsb&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/08 10:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.23\ [2012/01/08 10:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 23:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 23:56:01 | 000,000,000 | ---D | M]

[2010/08/23 22:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/01/12 22:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions
[2010/09/26 14:20:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/09/26 20:44:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/25 21:18:33 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2012/01/08 11:12:06 | 000,000,000 | ---D | M] (Support.com Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\[email protected]
[2012/01/12 22:50:33 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\[email protected]
[2011/09/25 21:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2011/09/25 21:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions\in-contentUI
[2011/07/11 19:52:21 | 000,002,023 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\searchplugins\badoo.xml
[2011/11/23 21:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 20:53:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/02 23:36:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/02 23:36:11 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/08 10:31:14 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/02 23:36:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/02 23:36:11 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/02 23:36:11 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/02 23:36:11 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19DF10F-A223-45C0-B25F-A715E9D2B938}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/16 12:12:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 10:29:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/13 20:52:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/12 22:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/01/12 22:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Alarm Clock
[2012/01/12 22:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm Clock
[2012/01/11 00:26:35 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9577003drv.sys
[2012/01/10 22:24:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/10 00:09:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/08 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/01/08 11:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2012/01/08 11:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2012/01/08 10:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2012/01/08 10:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/01/08 10:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2012/01/08 10:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/08 10:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/08 10:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/08 10:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/08 10:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/08 09:46:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/08 09:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/01/08 09:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/08 00:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/08 00:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Downloads
[2012/01/08 00:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2012/01/06 00:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/01/06 00:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/04 23:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/04 23:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/27 11:33:08 | 000,000,000 | ---D | C] -- C:\nero
[2011/12/27 11:27:48 | 000,036,864 | R--- | C] (General) -- C:\WINDOWS\System32\usbmonit.exe
[2011/12/27 11:27:46 | 000,021,916 | R--- | C] (General) -- C:\WINDOWS\System32\drivers\geneuide.sys
[2011/12/18 13:21:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/12/17 12:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nuance
[2011/12/17 11:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking 11.5
[2011/12/17 11:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IVA
[2011/12/17 11:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2011/12/17 11:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2011/12/17 11:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/12/17 09:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Scansoft
[2011/12/16 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nuance(2)
[2011/12/16 20:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FLEXnet
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance(2)
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance(2)
[2011/12/16 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/12 07:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 07:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 11:11:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/14 11:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1396501628-957317575-3343094678-1003UA.job
[2012/01/14 10:46:01 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2007.lnk
[2012/01/14 10:29:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/14 05:16:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2012/01/14 05:11:15 | 000,086,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/14 04:15:39 | 086,694,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/13 21:08:48 | 000,004,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avg results.csv
[2012/01/13 20:49:36 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/13 20:48:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/13 01:34:08 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/12 22:49:52 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Alarm Clock.lnk
[2012/01/12 00:07:12 | 000,005,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VG.csv
[2012/01/12 00:02:43 | 000,005,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AVG.csv
[2012/01/11 02:37:32 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9577003drv.sys
[2012/01/10 00:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/10 00:08:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/01/08 22:12:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 19:54:01 | 000,206,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120108_195343.reg
[2012/01/08 19:06:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 18:09:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1396501628-957317575-3343094678-1003Core.job
[2012/01/08 13:21:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100825132120.job
[2012/01/08 10:31:30 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/08 00:27:10 | 000,000,438 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012/01/07 03:55:55 | 000,346,610 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/07 03:55:29 | 000,172,645 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/06 22:32:26 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/06 22:02:47 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 00:46:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/03 23:25:13 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/01/03 20:42:27 | 000,009,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120103_204215.reg
[2012/01/02 17:00:54 | 000,467,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 17:00:54 | 000,081,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/01 02:58:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/01 02:58:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/30 18:36:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/29 21:09:17 | 000,267,228 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20111229_210905.reg
[2011/12/29 18:22:08 | 000,004,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Speedtest.net - The Global Broadband Speed Test.htm
[2011/12/26 18:55:04 | 000,003,118 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SAS7_000.DAT
[2011/12/26 18:54:23 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk
[2011/12/26 13:27:57 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/17 10:45:54 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/17 10:15:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 05:11:15 | 000,086,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/14 04:15:39 | 086,694,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/13 21:08:48 | 000,004,622 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avg results.csv
[2012/01/12 22:49:52 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Alarm Clock.lnk
[2012/01/12 00:07:12 | 000,005,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\VG.csv
[2012/01/12 00:02:43 | 000,005,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AVG.csv
[2012/01/10 00:08:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/01/08 21:25:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/08 19:53:50 | 000,206,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120108_195343.reg
[2012/01/08 11:12:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/08 10:31:30 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/08 10:29:53 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2012/01/08 00:22:20 | 000,000,438 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012/01/06 22:32:26 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/01/06 22:30:12 | 000,346,610 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/01/06 22:29:21 | 000,172,645 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/01/06 22:02:47 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/01/06 00:46:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/01/03 20:42:22 | 000,009,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120103_204215.reg
[2011/12/29 21:09:08 | 000,267,228 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20111229_210905.reg
[2011/12/29 18:22:03 | 000,004,119 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Speedtest.net - The Global Broadband Speed Test.htm
[2011/12/27 11:27:48 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\deluidrv.exe
[2011/12/27 11:27:48 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\delentry.exe
[2011/12/17 11:44:32 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk
[2011/11/30 22:04:38 | 000,076,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/08 21:37:11 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/10/06 22:46:55 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2011/10/01 21:46:11 | 000,003,118 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\SAS7_000.DAT
[2011/04/24 01:59:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/24 01:59:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/11 21:03:51 | 000,000,182 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2010/11/16 22:52:05 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ini.xml
[2010/09/23 13:49:52 | 000,105,619 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/09/23 13:49:51 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/09/11 14:06:13 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/09/05 12:16:08 | 000,137,313 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/04 17:27:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/25 19:40:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/08/23 23:10:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/23 22:22:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/23 21:28:04 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 21:25:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 17:47:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/20 12:24:12 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/08/12 08:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 07:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 07:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 07:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 19:42:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009/08/11 19:42:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009/08/11 19:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 19:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 19:01:03 | 000,000,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/08/11 19:01:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/08/11 18:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 13:18:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/11 13:14:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/11 13:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/08/11 13:03:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/11 13:03:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/11 13:03:14 | 000,467,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/11 13:03:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/11 13:03:14 | 000,081,072 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/11 13:03:14 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/11 13:03:14 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/11 13:03:13 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/11 13:03:11 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/11 13:03:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/11 13:03:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/11 13:03:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/11 06:10:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/11 06:09:40 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< c:\services.exe /s /md5 >
[2009/02/06 11:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- c:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 12:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- c:\WINDOWS\$NtUninstallKB956572$\services.exe
[2012/01/08 19:48:26 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- c:\WINDOWS\system32\services.exe
[2012/01/08 19:48:26 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- c:\WINDOWS\system32\dllcache\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >
  • 0

#13
Amlak

    Member 1K

  • Member
  • 1,470 posts
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#14
KAM_MAN

    Member

  • Topic Starter
  • Member
  • 15 posts
Amlak

Thanks for your help, please see the following results for scans/logs as requested.
Kam


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=57bc02d7e74b0942beb2ee2af074e2f3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-16 05:44:11
# local_time=2012-01-16 05:44:11 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 662911 662911 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3940 3940 0 0
# scanned=93544
# found=3
# cleaned=3
# scan_time=18002
C:\Documents and Settings\Owner\My Documents\docs\Downloads\avc-free.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\docs\Downloads\DownloadManager.exe a variant of Win32/Adware.iBryte.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\SoftonicDownloader_for_windows-xp-service-pack.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#15
Amlak

    Member 1K

  • Member
  • 1,470 posts
There is a possibility that this could just be a false positive from AVG.

Do you use Flux? Uninstall any program you don't really need for the system, and see if AVG stops giving you an alert.

Also, besides that alert, have you been experiencing any issues with the computer that may be related to malware?
  • 0





