Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijackers, Keyloggers, and Worms oh my!


  • Please log in to reply

#31
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
It works to a point. It reaches a file which it cannot find the destination, then promptly 'stops working.'

Internet Explorer 9 is proving tricky. I attempted to uninstall it (because it also 'stops working') so I could reinstall it, but it refuses to uninstall by any means listed on microsoft website.

It may be more prudent to finish removing any viruses before continueing those two problems. Where do we stand on that?
  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
I'm not seeing anything but we can run a few more checks. Part of your problem could be you are running Spybot's Teatimer. This plays with permissions trying to keep malware away but I think it causes more trouble than it's worth.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer


I don't see any malware left but we can run a couple more scans and see if they find anything.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#33
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Last couple of runs from MalwareBytes, Spybot, and AVG all reported clean. Had to use ESET via firefox with the download separate window thing, cuz IE is unusable ("has stopped working"). My compliments to ESET, tho, it seems to have found a large number.

If you could find a copy of dfsc.sys for vista (or know a secure place I can find it) it would be much appreciated. It was removed by combofix and may be part of my current problems. The other driver, sptd, is easily replaceable- its part of DaemonTools (a virtual DVD drive)

All known current glitches:
4 updates & IE9 are consistently refusing to install via windows update
Internet Explorer "has stopped working" upon loading any page (including 'blank'). Properties list it as IE 9.0.8112.16421
IE does not appear under Programs & Features, nor Updates, thus cannot be uninstalled.
IE does not uninstall using Microsoft's manual removal method involving cmd.exe
Windows Defrag fails to load
PowerDefragmenter hits an error and "has stopped working" after a short period of (presumably) working properly.
Cannot uninstall "Music Frost Toolbar" (and have no clue what it is/does) [found part of this program in combofix quarantine]

Logs:
BitDefender
ESET

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Fri May 11 01:09:42 2012
Machine ID: C494B227



No infection found.
-------------------



Processes
---------
hpwuSchd Application 3984 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
Adobe Acrobat Update Service 1052 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
AVG Internet Security 572 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 2372 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 2624 C:\Program Files\AVG\AVG2012\avgidsagent.exe
AVG Internet Security 2364 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 4020 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 1080 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
AVG Internet Security 508 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
ConfigFree™ 1060 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
ConfigFree™ 3764 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
ConfigFree™ Tray 3976 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
DivX Update 3992 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
ESET Online Scanner container 4932 C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
Firefox 2916 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 4720 C:\Program Files\Mozilla Firefox\plugin-container.exe
HD Audio Control Panel 3928 C:\Windows\RtHDVCpl.exe
Intel® Common User Interface 4052 C:\Windows\System32\hkcmd.exe
Intel® Common User Interface 3232 C:\Windows\System32\igfxext.exe
Intel® Common User Interface 4060 C:\Windows\System32\igfxpers.exe
Intel® Common User Interface 2984 C:\Windows\System32\igfxsrvc.exe
Microsoft® CoReXT 2232 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
Microsoft® CoReXT 2340 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 4076 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 3468 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 756 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 812 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 904 C:\Windows\System32\lsass.exe
Microsoft® Windows® Operating System 892 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 1568 C:\Windows\System32\SLsvc.exe
Microsoft® Windows® Operating System 472 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 1980 C:\Windows\System32\spoolsv.exe
Microsoft® Windows® Operating System 3348 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 3748 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 2716 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 5424 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 804 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 860 C:\Windows\System32\winlogon.exe
RAID Event Monitor 3936 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RAID Monitor 2572 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
RealPlayer (32-bit) 4008 C:\Program Files\real\realplayer\Update\realsched.exe
Spybot - Search & Destroy 2868 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Synaptics Pointing Device Driver 3944 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver 3760 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
ToolbarU Application 2168 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
TOSHIBA Flash Cards 3968 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
TOSHIBA Power Saver 796 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
TOSHIBA Power Saver 3952 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
TOSHIBA S.M.A.R.T. Log Service 312 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
TOSHIBA Zooming Utility 3960 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
Ulead Systems ULCDRSvr 2108 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
VProtect Application 4028 C:\Program Files\AVG Secure Search\vprot.exe
Windows® Search 4300 C:\Windows\System32\SearchFilterHost.exe
Windows® Search 5548 C:\Windows\System32\SearchProtocolHost.exe
(verified) Microsoft® .NET Framework 1232 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(verified) Microsoft® Windows® Operating System 1584 C:\Windows\servicing\TrustedInstaller.exe
(verified) Microsoft® Windows® Operating System 3396 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 912 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 1548 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1468 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1420 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1312 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1276 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1196 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1184 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2196 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2004 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1828 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1780 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1608 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3444 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 5192 C:\Windows\System32\wuauclt.exe
(verified) Windows® Search 2256 C:\Windows\System32\SearchIndexer.exe
(verified) Yahoo! AutoUpdater 2536 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process firefox.exe (2916) connected on port 80 (HTTP) --> 74.125.225.96
Process firefox.exe (2916) connected on port 80 (HTTP) --> 74.125.225.96
Process firefox.exe (2916) connected on port 443 (HTTP over SSL) --> 74.125.225.102

Process wininit.exe (804) listens on ports: 49152 (RPC)
Process services.exe (892) listens on ports: 49157 (RPC)
Process lsass.exe (904) listens on ports: 49155 (RPC)
Process svchost.exe (1276) listens on ports: 135 (RPC)
Process svchost.exe (1312) listens on ports: 49153 (RPC)
Process svchost.exe (1468) listens on ports: 49154 (RPC)


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
HD Audio Control Panel C:\Windows\RtHDVCpl.exe
Intel® Common User Interface C:\Windows\System32\hkcmd.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Intel® Common User Interface C:\Windows\System32\igfxpers.exe
Intel® Common User Interface C:\Windows\system32\igfxtray.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
RealPlayer (32-bit) C:\Program Files\real\realplayer\Update\realsched.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TOSHIBA Flash Cards C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
TOSHIBA Power Saver C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
TOSHIBA Zooming Utility C:\Program Files\Toshiba\SmoothView\SmoothView.exe
VProtect Application C:\Program Files\AVG Secure Search\vprot.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
AVG Internet Security c:\program files\avg\avg2012\avgdtiex.dll
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
AVG Secure Search c:\program files\avg secure search\11.0.0.9\avg secure search_toolbar.dll
AVG SiteSafety plugin C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
Bitdefender QuickScan C:\Users\Cougar\AppData\Roaming\Mozilla\Firefox\Profiles\nt02ihvk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DivX Plus Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
DivX Plus Web Player HTML5 <video> c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll
DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
Java™ Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U24 c:\program files\java\jre6\bin\ssv.dll
NPSWF32_11_2_202_235.dll C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
RealNetworks™ Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
RealPlayer Download and Record Plugin c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
Unity Player C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
Windows Live™ Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: NDSTray.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"


Scan
----
MD5: 7ec56424e3e77ebf4bf5e0798175e4e5 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: acdd847db8deea5569425d55630071c0 c:\program files\avg secure search\11.0.0.9\avg secure search_toolbar.dll
MD5: b339d30a2d2e2e8ade46981f1491c8fa C:\Program Files\AVG Secure Search\vprot.exe
MD5: 11790a73767fbc981ba961d2231907e2 C:\Program Files\AVG\AVG2012\avgcclix.dll
MD5: 8d01fa11124811ed06e876e5dde70039 C:\Program Files\AVG\AVG2012\avgcertx.dll
MD5: e2c78d19572aacc2062a00f01503807e C:\Program Files\AVG\AVG2012\avgcfgx.dll
MD5: 3466855de825f86c484a3454ad090967 C:\Program Files\AVG\AVG2012\avgchclx.dll
MD5: d14719188e4e94265c159e318a30ea72 C:\Program Files\AVG\AVG2012\avgchjwx.dll
MD5: 60732ecec8aef0a05fe36e661aa1c99c C:\Program Files\AVG\AVG2012\avgclitx.dll
MD5: cbf120f957f8ca033ca0e437eafa4664 C:\Program Files\AVG\AVG2012\avgcorex.dll
MD5: ecc96985954185dfcf455fbbb8037a1b C:\Program Files\AVG\AVG2012\avgcsrvx.exe
MD5: 19228c8949b340c7d2cfc5ba64a8a96a c:\program files\avg\avg2012\avgdtiex.dll
MD5: 9ce7e61e07ebd3ccf05055cc3fbc0c19 C:\Program Files\AVG\AVG2012\avgemcx.exe
MD5: ba60fd7a64b9759a14c0fba4a9ed4c7b C:\Program Files\AVG\AVG2012\avgidsagent.exe
MD5: b7163d0b1a17426973766248ae2fb796 C:\Program Files\AVG\AVG2012\avglogx.dll
MD5: dd98897127f256d80170f686e46887d8 C:\Program Files\AVG\AVG2012\avgnsx.exe
MD5: 91dc97f9da3e2b59049d410870935c78 C:\Program Files\AVG\AVG2012\avgntopensslx.dll
MD5: aff2e23e4e867140f07abadc9e29acdc C:\Program Files\AVG\AVG2012\avgopensslx.dll
MD5: 1dcce668323fb51bf209d7d9bd4a53fd C:\Program Files\AVG\AVG2012\avgrsx.exe
MD5: 6fc19512758456b119808f73463725d4 c:\program files\avg\avg2012\avgssie.dll
MD5: 93312f83fd4d5c38cee8aa1265c061ee C:\Program Files\AVG\AVG2012\avgsysx.dll
MD5: 80956486306d1f546edc1dd7fae87f62 C:\Program Files\AVG\AVG2012\avgtray.exe
MD5: ea1145debcd508fd25bd1e95c4346929 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
MD5: e7a68a61ff0aae8eceb7275315290b2c C:\Program Files\AVG\AVG2012\avgxpl.dll
MD5: 60e5af8b7b4140c711b050fae5a3ab70 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 62b7936f9036dd6ed36e6a7efa805dc0 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: 49ab3ca47662c8cd77388eb82aa795e6 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
MD5: fdefd28f09d2b0445e0acd09ef13145a C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MD5: 56e1e4442e4613fb2039a6b7421f4e58 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MD5: 2424231bbd703a677d115c29983b4293 C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: 0a70f4022ec2e14c159efc4f69aa2477 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
MD5: 9c879e1c3b27085fb46efeccd7120d51 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
MD5: 332d341d92b933600d41953b08360dfb C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
MD5: b938c1ae3adce166190895685b0beb0d C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
MD5: bc8ab9aa21934b663a07f79f7efa0123 c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll
MD5: 3d2c49ed6f0bbb07d7cca0ca61f44f8f C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
MD5: 4eb0c6c3ef4d8885cf2b5d0062f31e44 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MD5: eb4cdf2eca64fbacafbad2b04b1b2862 C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MD5: 751ee920d6811584e5b1f0b153a5a4e2 C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: c886f2d01813b12b1f359c35afa3b1f2 C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
MD5: 0ecc0901aebcb6b5c5c551c67e4e026a C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_ENU.dll
MD5: cb686f44bf955ea02520710a56874fa4 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
MD5: 974ee55b9a17d606a783add021aa65ad C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: ac31c3fc0b28f54f4873c5136be525f8 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll
MD5: 7d894ed61ef0505277d8a476d7df43f1 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: fe1a970e7ce330bb844e333c374c6599 C:\Program Files\iWin Games\iWinTrusted.exe
MD5: 88e49c2b7e75b1d9695d6a063f28a8bb c:\program files\java\jre6\bin\jp2ssv.dll
MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 71652cb75c2c833a5681f48f3495b3ae c:\program files\java\jre6\bin\ssv.dll
MD5: 36a0f250c766d27bfe5a953c1a65b696 c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
MD5: bd5fc9f3ef6ce0e4e149e9825285974d C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 4f69aabb5d82aa4ef6dff7871212adf6 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 2c83614ca5c79d7f75c65e79fcabb257 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: 3817d77e8371f2b8bfab4653fb23230c C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 0993ab4dc534b208c5557d0586195589 C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: 97258f0898f8e3f3d154ce1dd71fd50b C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: f8d269cb2edd02963adab1065352487d C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 1200b011ad494a9e41d882143deb9d68 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 6d8f7647f8eadb1f0d003b13ac7aff8b C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 4eb7702ea671448197af4ca2b0d6f7d0 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: 77685eccd3cc603c49fb6df510f2d191 C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: cbbaa8d5109e5c51c241482be107d1b2 C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: e52f9b31aea7458e415616b88f41d6b6 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 65d434a6ead6152acffca952121b8fa2 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: a7b6857b7503d9ca4f40d17a7ebb67fb C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 25a86a8d2a66b599800d3530dc8ca4af C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 9a0f86431a4304985a6a32356d8a1e5a C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: 49c2a8dbd535ec9ff202aca627c3ec6a C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: ed866bd9b4f737c4e798eb92dca30931 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: cbe42bf86e34fbb1ca197da60b024792 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 96aa8ba23142cc8e2b30f3cae0c80254 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 879aad363252b682ef9550428e8c1fea c:\program files\real\realplayer\Netscape6\nppl3260.dll
MD5: f7b9148f6e0db4f722634452dff578e0 c:\program files\real\realplayer\Netscape6\nprjplug.dll
MD5: 692c1cc6a09fde9f356524dd0d0391b8 c:\program files\real\realplayer\Netscape6\nprpjplug.dll
MD5: f15e6014e812a5e2cd469fcf5682c0e1 C:\Program Files\real\realplayer\Update\realsched.exe
MD5: 6e240d6c2f0db74bed13ad723d3ab0a1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 4c1f26cfca34e978cc1311f9f080f675 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
MD5: 7df1e7b35c39d656850cfe237503f3f7 C:\Program Files\Toshiba\ConfigFree\CFP2API.dll
MD5: d10d01b2dfcd8d2f32a32ed29e8da1c2 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
MD5: 9a815510679c7ecd04ed194a9c9c25e5 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
MD5: 53835c26153df03322b6378addf070b4 C:\Program Files\Toshiba\ConfigFree\CFUPNP.dll
MD5: e02b05f518925555ba3bfd0bd8302a82 C:\Program Files\TOSHIBA\ConfigFree\CFWLAPI.dll
MD5: bb2666ac49d3d28c78106ef066ea2e24 C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll
MD5: ed3c13747a5a0455f4c1a019451c1225 C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll
MD5: ab62a8f77c0e2ec8bfdac6bb379b3ecb C:\Program Files\Toshiba\ConfigFree\NDSNLS.dll
MD5: 0172f917a624d08620a8ae94f5950a30 C:\Program Files\Toshiba\ConfigFree\NDSParts.dll
MD5: 6e3fefb74326a230237613f2b035c71f C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
MD5: 250c1c68e4747c2c831beae3c10ad432 C:\Program Files\Toshiba\ConfigFree\notify\NotifyCFF86.dll
MD5: 7a3e47a6f167e6b9835a6dc2ca20c9d8 C:\Program Files\Toshiba\ConfigFree\OpenProp.dll
MD5: 76f61061e321edf35b8916b6dd66cc35 C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MD5: 85fe1337101b9f9fd5e2ab865ad6c77f C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
MD5: 2240e4aa3910a1a6cbe168c66dad2824 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
MD5: aa6bd503a41ae158efba851965a40fe9 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
MD5: af9f38a0c5e790bb7f85bfaceec88442 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
MD5: 9d5270bf2caaf1a4bc2d6b970576abe0 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
MD5: 7c88e3cc3c53939fadfe4e6f2e570849 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
MD5: 149551a6bea760da03e1db630a2cf053 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
MD5: 75996e5e864b8baa2da1639d995d8e76 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
MD5: 6c7722cad2517c6170f3c4bcc5224286 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
MD5: e34ecafcdcb2be66ed651c363e0f216a C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
MD5: 6dc04e1ddb48ed7397d1597c737bc106 C:\Program Files\Toshiba\FlashCards\TCrdEvnt.dll
MD5: 8909e1a7c0c5167af378e143bc413fba C:\Program Files\Toshiba\FlashCards\TCrdMain.dll
MD5: f0cf4d72581b1e0b528086e9fb5da23b C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
MD5: 066b00871ece0e36f5658bb675eaf7fa C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MD5: f272269c4de5724151fcbdd4d757d3a8 C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MD5: da341a36236916c522ba6f06dbd07347 C:\Program Files\Toshiba\Power Saver\T1394Pwr.dll
MD5: 474b0c3abeae5e0b213699834a8356e7 C:\Program Files\Toshiba\Power Saver\TCooling.dll
MD5: 709b5f132d3f8607f38c8eb6c7b95b8f C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
MD5: 4e29ed8e7072f363bfb6613e02a73906 C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
MD5: b3693a331802d4f49b4f881c24137034 C:\Program Files\Toshiba\Power Saver\TOddPwr.dll
MD5: 44dbac611b11646683b5b066a049b8e4 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
MD5: 738cb2e3f180bce49bb0985865f68b8e C:\Program Files\Toshiba\Power Saver\TPwrFunc.dll
MD5: 8a75c36eee9ba57fbe09f6dcb8fc8d10 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
MD5: e08ff9e0dc5f604b89d8625fc91e0532 C:\Program Files\Toshiba\Power Saver\TPwrReg.dll
MD5: d1fb23fff60528efe5b32d14bde9777a C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
MD5: 0b2ec9add2b3057303f0d96025695875 C:\Program Files\Toshiba\Power Saver\TSDPwr.dll
MD5: 0f539f3af677e2a6e2dca1f7ae949b10 C:\Program Files\Toshiba\Power Saver\TtosFunc.dll
MD5: 22690dffc7f2a18279a7a0489aa02bac C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
MD5: 7a45905b462f6ae857e4566f3831aeb6 C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
MD5: 4ed320668a36ef72bc2a4b84f10353a9 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MD5: 311f8c91193b851104dd140966d6aea1 C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MD5: f92fa005b7ed96502dadbce0bbd49815 C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
MD5: 0c5fa29c0e1149dc8e030fa0d1f371e9 C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
MD5: 471b7df67a2494dd60dd2c3c3a8553bb C:\Program Files\Yahoo!\Shared\npYState.dll
MD5: 6e5700eb96d1d3c03ed1417b39382c4e c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
MD5: 3170fdfa0cce1d9133b6546315d11983 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
MD5: 76c5adfe97a6960d0851522ea7aa5af4 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
MD5: 1dcce668323fb51bf209d7d9bd4a53fd C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
MD5: 1570f1e976e042c833f736e3cfe03d96 C:\Users\Cougar\AppData\Roaming\Mozilla\Firefox\Profiles\nt02ihvk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: fd647ca82acf232dbe5f20345647b948 C:\Windows\AppPatch\AcGenral.DLL
MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MD5: 534760d947665da0a80bb1a208fb9ede C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MD5: 9755a2eb564287d3c8cf9639d746b586 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\bed862dc1b6ba4eb085a645d0df2873b\PresentationFontCache.ni.exe
MD5: c72ff2cb0701d033c05cceb51779c872 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MD5: e60cd8df35eb4a9c952af381fef51af3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MD5: 2ab4f7cd23069cbb6b8332ef8027360b C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\Windows\Downloaded Program Files\isusweb.dll
MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 6c887e9ba3ae7f62635f098bfc9853cd C:\Windows\RtHDVCpl.exe
MD5: f6dfdfd5bc950275de3b285e108cb974 C:\Windows\servicing\CbsApi.dll
MD5: e9b9c1b98c8d6d48407e1c1203eac659 C:\Windows\system32\adsldpc.dll
MD5: 031da76a5a7dc13f015dd3491394865e C:\Windows\system32\advpack.dll
MD5: f31eebc1a1c81fd04005489cc3dcdfe7 C:\Windows\system32\basesrv.dll
MD5: f21f255b91ca4f04e4250decd2067cbb c:\windows\system32\bitsperf.dll
MD5: d333058925ce305e39de8d5ad2b52a46 C:\Windows\system32\CLUSAPI.DLL
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 7f15b4953378c8b5161d65c26d5fed4d C:\Windows\system32\cngaudit.dll
MD5: 93e317d7ad783d8eaee2e3500bfe889d C:\Windows\system32\credui.dll
MD5: 187076dd5d8d4d5d23079d0741195ead C:\Windows\system32\CSRSRV.dll
MD5: abca209eba02cb59233614db83b4f50d C:\Windows\System32\csrss.exe
MD5: 3dfeec45e5f22993216083fb777719d5 C:\Windows\system32\d2d1.dll
MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll
MD5: 29e4ea31c6debe5efb384eefa4f1ef63 C:\Windows\system32\d3d10_1.dll
MD5: 556f1cbe9ba19e2ccd6f8d9af71af5c7 C:\Windows\system32\d3d10_1core.dll
MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll
MD5: 33ebf5dcd45f878b3622ad82ab37af3a C:\Windows\system32\D3D10Warp.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 57d762f6f5974af0da2be88a3349baaa c:\windows\system32\dnsrslvr.dll
MD5: 4ebdd20afc19aaecba2893d128dd5ecd C:\Windows\system32\dpx.dll
MD5: 3911b972b55fea0478476b2e777b29fa C:\Windows\system32\drivers\afd.sys
MD5: 0d83c87a801a3dfcd1bf73893fe7518c C:\Windows\system32\drivers\atapi.sys
MD5: 3c4b9850a2631c2263507400d029057b C:\Windows\system32\DRIVERS\atksgt.sys
MD5: 1074f787080068c71303b61fae7e7ca4 C:\Windows\system32\DRIVERS\avgidsdriverx.sys
MD5: 61a7e0b02f82cff3db2445bbe50b3589 C:\Windows\system32\DRIVERS\avgidsfilterx.sys
MD5: d63d83659eedf60b3a3e620281a888e5 C:\Windows\system32\DRIVERS\avgidshx.sys
MD5: baf975b72062f53d327788e99d64197e C:\Windows\system32\DRIVERS\avgidsshimx.sys
MD5: dda6a2a18841e4c9172bb85958b8d948 C:\Windows\system32\DRIVERS\avgldx86.sys
MD5: ccdd61545aaea265977e4b1efdc74e8c C:\Windows\system32\DRIVERS\avgmfx86.sys
MD5: 1fd90b28d2c3100bf4500199c8ad6358 C:\Windows\system32\DRIVERS\avgrkx86.sys
MD5: 1263f2554ace925c237a40b4c568d815 C:\Windows\system32\DRIVERS\avgtdix.sys
MD5: 35f376253f687bde63976ccb3f2108ca C:\Windows\system32\DRIVERS\bowser.sys
MD5: 3a3436f7dfe0e0c58cd5c3b6c9f21634 C:\Windows\System32\Drivers\dfsc.sys
MD5: c68ac676b0ef30cfbb1080adce49eb1f C:\Windows\System32\drivers\dxgkrnl.sys
MD5: cbc22823628544735625b280665e434e C:\Windows\system32\DRIVERS\FwLnk.sys
MD5: db0cc620b27a928d968c1a1e9cd9cb87 C:\Windows\system32\DRIVERS\iaStor.sys
MD5: aa1636107c0c05a881bfbce41142c70f C:\Windows\system32\DRIVERS\igdkmd32.sys
MD5: e8ca038f51f7761bd6e3a3b0b8014263 C:\Windows\system32\drivers\kr10i.sys
MD5: 6a4adb9186dd0e114e623daf57e42b31 C:\Windows\system32\drivers\kr10n.sys
MD5: 2b2f1638466e8cb091400c9019cc730e C:\Windows\System32\Drivers\ksecdd.sys
MD5: 4127e8b6ddb4090e815c1f8852c277d3 C:\Windows\system32\DRIVERS\lirsgt.sys
MD5: 8be71d7edb8c7494913722059f760dd0 C:\Windows\system32\DRIVERS\LVPr2Mon.sys
MD5: a1857fbb9b4930eeb2fd92386c45c529 C:\Windows\system32\DRIVERS\lvrs.sys
MD5: 3703406af0726badd24c5e552493e5b1 C:\Windows\system32\DRIVERS\lvuvc.sys
MD5: 1e94971c4b446ab2290deb71d01cf0c2 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 4fccb34d793b116423209c0f8b7a3b03 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: c3cb1b40ad4a0124d617a1199b0b9d7c C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: f70590424eefbf5c27a40c67afdb8383 C:\Windows\system32\drivers\msahci.sys
MD5: b9cbd3dea7ca02868621173bf7a2af9f C:\Windows\system32\drivers\RTKVHDA.sys
MD5: 7fe5089eb5f624899de08c30db4377fc C:\Windows\system32\DRIVERS\RTL8187B.sys
MD5: 2d19a7469ea19993d0c12e627f4530bc C:\Windows\system32\DRIVERS\Rtlh86.sys
MD5: 0d60b8c10a2c5e8dd620b3fdeb1cda64 C:\Windows\system32\DRIVERS\rtlprot.sys
MD5: f5825e41286556ddb8cc83a91d88f3c6 C:\Windows\system32\drivers\RTSTOR.SYS
MD5: 0022cfff1a41e5ce3a764050a7ddf22a C:\Windows\System32\Drivers\sptd.sys
MD5: 41987f9fc0e61adf54f581e15029ad91 C:\Windows\System32\DRIVERS\srv.sys
MD5: ff33aff99564b1aa534f58868cbe41ef C:\Windows\System32\DRIVERS\srv2.sys
MD5: 7605c0e1d01a08f3ecd743f38b834a44 C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 814a1c66fbd4e1b310a517221f1456bf C:\Windows\System32\drivers\tcpip.sys
MD5: 4399a9bf7d8f49991a07fd86590a1619 C:\Windows\system32\DRIVERS\tos_sps32.sys
MD5: 792a8b80f8188aba4b2be271583f3e46 C:\Windows\system32\DRIVERS\TVALZ_O.SYS
MD5: 6843926aff733d46a04f9d4e1c1a6b14 C:\Windows\system32\dwrite.dll
MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\system32\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\system32\Dxtrans.dll
MD5: b8a21907fe2f1a113f3487d9ab60bef9 C:\Windows\system32\en-us\tQuery.dll.mui
MD5: 8ce364388c8eca59b14b539179276d44 c:\windows\system32\fntcache.dll
MD5: 67bb7141f7f5f37411f796943b3418b6 C:\Windows\system32\framedynos.dll
MD5: 9a75518600fba10980ee94267ca98489 C:\Windows\System32\gameux.dll
MD5: 7a137514f4e48ecdbdd1f29cf7e8d5a4 C:\Windows\system32\GLU32.dll
MD5: b8d52005181a15d7d1470cbf2af214dd C:\Windows\system32\hal.dll
MD5: 8d04724f13b0fe63829113f28e845e8a C:\Windows\system32\halacpi.dll
MD5: b8d52005181a15d7d1470cbf2af214dd C:\Windows\system32\halmacpi.dll
MD5: 0f6aa9781875a7822b6d82b920351349 C:\Windows\system32\hccoin.dll
MD5: 6fdf41182ba0fe31de88c4d3009e0637 C:\Windows\System32\hccutils.DLL
MD5: 01ca5388f3991b9af886fe5fbdce4e5c C:\Windows\system32\hcrstco.dll
MD5: b4b59ac042ee3733a862f26cbc0b17fc C:\Windows\system32\hidphone.tsp
MD5: 00bf92681c8c414edf8e38614203242d C:\Windows\System32\hkcmd.exe
MD5: aabeb61e8f9111ef6cf2ddc1c5590d90 C:\Windows\System32\HPDiscoPM9311.dll
MD5: 30df90152de6387b3e5bae74cdeb4981 C:\Windows\System32\hpinksts9311LM.dll
MD5: 16ee199006a653ee8937632459cb66be C:\Windows\System32\hpzlllhn.dll
MD5: 0c84b6affa7486422235584110d7176f c:\windows\system32\ICAAPI.dll
MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\system32\ieframe.dll
MD5: 1341915d4705a3ba68bc49e83024ade0 C:\Windows\system32\iertutil.dll
MD5: e4ec63f4292d91c78f2af6715aa370cb C:\Windows\system32\igdumd32.dll
MD5: dda6195ff1fffaa959c70e5a81e02b84 C:\Windows\system32\igdumdx32.dll
MD5: 60e59a2a01be4010fbad6e0a71edc975 C:\Windows\system32\igfxdev.dll
MD5: 921faf16fde48894732ea1b250d21c74 C:\Windows\system32\igfxexps.dll
MD5: 97cbd993333526d9b8ad76b7aa1a314f C:\Windows\System32\igfxext.exe
MD5: 6a9f78c638a08ced7658d9068868706d C:\Windows\System32\igfxpers.exe
MD5: 73a080a5f4b3ca21bcdc4a5285c95083 C:\Windows\system32\igfxrENU.lrc
MD5: c83a3a029bfc69e157b785d51fd77c2f C:\Windows\system32\igfxsrvc.dll
MD5: 59b49e9134a69d298a54e3e9896fe2f0 C:\Windows\System32\igfxsrvc.exe
MD5: 4af96d7266249ebeaa969b58ad806087 C:\Windows\system32\igfxTMM.dll
MD5: d1c12baf1358f0e22c81db50e2885d20 C:\Windows\system32\igfxtray.exe
MD5: 7f83b06a929a981bc001b2ea304d2036 c:\windows\system32\iphlpsvc.dll
MD5: ae5fa997c88c6a15c841da275058b332 C:\Windows\system32\iscsilog.dll
MD5: 328e900311d5c31f399730c7ccc8883a C:\Windows\System32\jscript9.dll
MD5: 327695074718e1bdac226b2a16f425e2 C:\Windows\system32\jsproxy.dll
MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll
MD5: 74c2f29cc612b2b34231bebd824d2fb2 C:\Windows\system32\keyiso.dll
MD5: 953193a9dea40348c1086d171f6440ae C:\Windows\system32\kmddsp.tsp
MD5: ca0b849566776a17f35f0339be17dfd9 c:\windows\system32\ktmw32.dll
MD5: 19ffad68a02af1bf0bc336ee26cd6767 c:\windows\system32\l2gpstore.dll
MD5: 35d40113e4a5b961b6ce5c5857702518 c:\windows\system32\lmhsvc.dll
MD5: 178fac2b7c66e9a4400ce7ac37623e3f C:\Windows\system32\LSASRV.dll
MD5: a3e186b4b935905b829219502557314e C:\Windows\System32\lsass.exe
MD5: de5a4d89c47b9a1cc97dfab11a795abb C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MD5: bf142d4f8c61ed3629a9cdd7ba867900 C:\Windows\system32\mfplat.dll
MD5: b4f5de3dad8e6b97272f45db97674878 C:\Windows\System32\mgmtapi.dll
MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\system32\MPRAPI.dll
MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\System32\msfeeds.dll
MD5: f82bf2cb075b49e9fab5ff213c45c020 C:\Windows\system32\mshtml.dll
MD5: aab5feaabf4cb6f76d794203831c8d94 C:\Windows\system32\Msidle.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 5e41139ec6efbcaffd96d46925e544ab c:\windows\system32\mspatcha.dll
MD5: abe9eea1eabea0711610a637a7b1c25d C:\Windows\system32\msprivs.dll
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\system32\msvcrt.dll
MD5: 2fa16465f64db54b1f7f511395eb4fd7 C:\Windows\system32\NCObjAPI.DLL
MD5: f4d9ed6bd74ad7cc0bec83c43a1cb76b c:\windows\system32\ncsi.dll
MD5: 2f6776acefe41ee889c464ea407918f2 C:\Windows\system32\ndptsp.tsp
MD5: 6bc5fcef351e4cb5a269c1e84b5a06da C:\Windows\system32\netcfgx.dll
MD5: 95daecf0fb120a7b5da679cc54e37dde C:\Windows\system32\netlogon.dll
MD5: 4bf053944e973c073339be841c9ecf28 C:\Windows\System32\NETRAP.dll
MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd c:\windows\system32\nsisvc.dll
MD5: dda770bbd7c2ed024d6f50e279d90e5b C:\Windows\system32\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll
MD5: b55e77bb01e85d2ca2c4b8424e1df345 C:\Windows\system32\OPENGL32.dll
MD5: f0062778f50838145ac46b384ffb4fa3 C:\Windows\system32\pcadm.dll
MD5: 7d1a10a1f3562cca1fd38e9bada8fec0 C:\Windows\system32\perfos.dll
MD5: 21322832c99e8de85bd047689a2a69db C:\Windows\system32\pnpts.dll
MD5: e340845c8e96d107c36420065d7a5733 C:\Windows\system32\printcom.dll
MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\system32\RASDLG.dll
MD5: 88225070dd2f7b0b2ed51e7935078641 C:\Windows\system32\RASQEC.DLL
MD5: b9f3ff52b84fd9e3cafb29b8ee385e5b C:\Windows\system32\RESUTILS.DLL
MD5: ab530fdd34c67b497a20171d1234cfe9 C:\Windows\system32\RICHED32.DLL
MD5: da61f5c012a646771587a8cb9c0ae590 C:\Windows\system32\schannel.dll
MD5: 1a58069db21d05eb2ab58ee5753ebe8d c:\windows\system32\schedsvc.dll
MD5: d602fedbd9155fc2ded6863fb60c950f C:\Windows\system32\Secur32.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\shdocvw.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\system32\SHSVCS.dll
MD5: 801decf3a583c270e5c398fcd082e3dd C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe
MD5: 43aef7355d24090ca7c24c83846bd981 C:\Windows\system32\SPP.dll
MD5: bf7e4d6f60a6d9e866432855c6f8c262 c:\windows\system32\sqmapi.dll
MD5: bc8e5f6aaf447364a6f6a00d3f8faf29 C:\Windows\system32\SrClient.dll
MD5: 1bf5eebfd518dd7298434d8c862f825d c:\windows\system32\srvsvc.dll
MD5: 452341e471d2d961229dfe0842957272 C:\Windows\system32\SSCORE.DLL
MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll
MD5: 9f433f65d10043295f42dd015b189426 C:\Windows\system32\SxsStore.dll
MD5: 390951d528c971215ac220ba12f60dec C:\Windows\system32\SynCOM.dll
MD5: a7fa423e62ca375d0b12b752c446568f C:\Windows\system32\SynTPAPI.dll
MD5: 1baa26d1e827bf4e07d346dd9365dc2a C:\Windows\system32\SysFxUI.dll
MD5: 71f5a7104fdf16c0ac5283a6ce666553 C:\Windows\system32\SYSNTFY.dll
MD5: 3e4239b92139f7174a0da7d53fe5e1ab C:\Windows\System32\sysprep\PEDrv.sys
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll
MD5: 2a6a2c09ecc2cb495628e45f1379ece8 C:\Windows\system32\taskcomp.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll
MD5: 5091452dc719281cf1dd69367e13b494 C:\Windows\System32\tcpmib.dll
MD5: f8873d15018f411588bec02c1725bada C:\Windows\system32\tspkg.dll
MD5: e45051c374f845edf3db02a35ba13193 C:\Windows\system32\umb.dll
MD5: dfbaadf1b624dc71e88d34d86b3595be C:\Windows\system32\uniplat.dll
MD5: 4c162b2a8e175f46db41b21c77688221 C:\Windows\system32\urlmon.dll
MD5: 0bf0bb276f17b6ad61a8694d2551ec28 C:\Windows\System32\usbmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\system32\vbscript.dll
MD5: dc3ae9f1554dcd97f90983ddbdacd83d C:\Windows\system32\vsstrace.dll
MD5: f723422a11cd6fa13036746272200993 C:\Windows\system32\wbem\cimwin32.dll
MD5: 83c2f5076e1b4a63c04f2b14ee7cad47 C:\Windows\system32\wbem\wbemdisp.dll
MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll
MD5: e7d0f91e44d9d3b2116fa549bdcdb756 c:\windows\system32\WDSCORE.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: 0745d6ead386710110817fbec03f5161 C:\Windows\system32\wfapigp.dll
MD5: 73fe2e5fa55088a241aa2732f5d387d6 C:\Windows\system32\wiarpc.dll
MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\system32\WINHTTP.dll
MD5: 44465367256d1c72b58f5abaa19e7016 C:\Windows\system32\WININET.dll
MD5: 101ba3ea053480bb5d957ef37c06b5ed C:\Windows\System32\wininit.exe
MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: d2293b069e4b63dc17b2f08d45e71124 C:\Windows\system32\winsrv.dll
MD5: 92283d9e33ec5f41ecc0b430b7459241 C:\Windows\system32\wls0wndh.dll
MD5: 0727200f10320a6ba7e59433094fbba7 C:\Windows\system32\WMALFXGFXDSP.dll
MD5: bfe74095684093f14d24801c8c0d16e3 C:\Windows\system32\WMI.dll
MD5: f0321da5203f1e71917f3b7a13dc4912 C:\Windows\system32\WMsgAPI.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: 399bb52ad0668472717498e97cf28341 c:\windows\system32\WUDFPlatform.dll
MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\XmlLite.dll
MD5: a58374d1a487c3cf98355ba92c0188c0 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cbscore.dll
MD5: 47071dd42f703390b205b33b11dab65c C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
MD5: 971b711e37cf2cedce57b54384640e54 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
MD5: e7d0f91e44d9d3b2116fa549bdcdb756 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
MD5: 380e6b396644edcdfa07e52d7d95ef99 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.02 MB sent, 1.45 KB recvd
Scanned 896 files and modules - 51 seconds

==============================================================================

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b2b8db227df8640a2fdf02823f49303
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-11 07:53:23
# local_time=2012-05-11 02:53:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 53777507 53777507 0 0
# compatibility_mode=1024 16777215 100 0 6771077 6771077 0 0
# compatibility_mode=5892 16776574 100 100 24921330 173325026 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=191000
# found=12
# cleaned=12
# scan_time=5349
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\DRM\FBFC.tmp a variant of Win32/Kryptik.ABPQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cougar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\17cd9804-489f2caf a variant of Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cougar\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120211235108539.rsc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir a variant of Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.12.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0004.dta probably a variant of Win32/TrojanDownloader.Agent.LVENLZT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\30.04.2012_18.48.49\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
ESET found these

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\DRM\FBFC.tmp a variant of Win32/Kryptik.ABPQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cougar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\17cd9804-489f2caf a variant of Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cougar\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120211235108539.rsc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

The rest are files that had already been removed by Combofix (Qoobox) and TDSSKiller.

First one is the only one that looks like it might be real and it's been on the system for a while:

2012-02-20 23:04 . 2012-02-20 23:04 130048 ----a-w- c:\programdata\Microsoft\Windows\DRM\FBFC.tmp

By itself it can't do anything as it is not being used as far as I can see.

The second one is just some garbage in your Java cache. You get this kind of stuff when you visit a bad website.
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml



The third one looks like a false positive since it's in a subfolder belonging to AVG.

Combofix did not remove the dfsc.sys file. It replaced it with a backup copy that it found. I'm sure if you submit the file C:Windows\system32\Drivers\dfsc.sys to www.virustotal.com it will show as clean.

Where I messed up was thinking you had XP. I gave you the XP instructions for replacing the Accessories shortcuts. Should have given you the Vista fix:

http://www.vistax64....-shortcuts.html

Please run OTL, Quickscan and post the log. I'll see if I can remove your toolbar.
  • 0

#35
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Took a gamble, downloaded Music Frost and installed it over the fractured copy- then immediately uninstalled it and the toolbar. Seems to have worked, but re-running all scans.

OTL logfile created on: 11/05/2012 11:31:03 AM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 164.36 Gb Free Space | 73.31% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 22:19:37 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/20 20:19:03 | 000,016,824 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 17:43:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/13 12:01:26 | 009,037,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 21:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/18 23:29:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/18 23:29:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/10 23:42:54 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/23 22:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 22:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/03 22:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/03 22:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/03 22:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 23:52:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/03 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Extensions
[2012/05/11 01:07:47 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Firefox\Profiles\nt02ihvk.default\extensions
[2012/05/11 01:07:47 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Cougar\AppData\Roaming\mozilla\Firefox\Profiles\nt02ihvk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/05/03 23:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/07 14:10:14 | 000,442,053 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 01:07:58 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\QuickScan
[2012/05/11 01:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/10 23:42:27 | 000,206,200 | ---- | C] (Sysinternals) -- C:\Users\Cougar\Desktop\Contig.exe
[2012/05/10 23:24:38 | 000,000,000 | R--D | C] -- C:\Users\Cougar\Desktop\Favorites
[2012/05/07 12:28:28 | 002,473,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/05/04 17:05:55 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/04 16:39:06 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2012/05/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Cougar\{7e015dc6-6631-47f4-b276-bc8c65c2f401}
[2012/05/04 01:54:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Mozilla
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\Mozilla
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 23:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\temp
[2012/05/03 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2012/05/03 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\AVG Secure Search
[2012/05/03 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/03 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/03 22:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/03 22:16:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/02 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Documents\C
[2012/04/30 21:48:27 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/04/30 21:47:48 | 000,093,696 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Yahoo!
[2012/04/30 19:43:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/30 18:12:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 17:57:06 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:02:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 17:02:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 17:02:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 17:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 16:48:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 16:37:52 | 004,479,797 | R--- | C] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:25:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:24:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50D8000435DB0020086B570F1C8B
[2012/04/23 20:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 11:19:00 | 097,852,530 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/11 11:16:54 | 000,654,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 11:16:54 | 000,123,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 11:13:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 11:10:47 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 11:10:46 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 11:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 02:36:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 17:55:46 | 000,024,005 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/07 14:10:14 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/07 12:29:06 | 002,473,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:42:07 | 000,011,054 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2012/05/06 11:43:34 | 000,334,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/05 20:27:08 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120507-141014.backup
[2012/05/04 17:16:28 | 000,014,640 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/04 17:01:38 | 000,001,356 | ---- | M] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/04 01:45:26 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 23:33:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120505-202708.backup
[2012/05/01 01:15:30 | 000,015,264 | ---- | M] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 21:47:52 | 000,093,696 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 21:20:35 | 004,479,797 | R--- | M] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 20:53:09 | 000,000,937 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:43:03 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:58:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:52:56 | 000,000,818 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-214633.backup
[2012/04/30 16:30:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 23:42:33 | 000,492,488 | ---- | C] () -- C:\Users\Cougar\Desktop\PowerDefragmenter.exe
[2012/05/04 01:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/01 01:15:28 | 000,015,264 | ---- | C] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 20:53:09 | 000,000,937 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:07:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:52:56 | 000,000,818 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:02:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 17:02:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 17:02:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 17:02:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 17:02:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/16 16:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Cougar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 03:01:38 | 000,001,356 | ---- | C] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2010/11/28 16:58:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/22 00:31:59 | 000,007,164 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\UserTile.png
[2010/07/04 13:40:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/20 02:57:06 | 000,011,054 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2009/08/18 23:29:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/18 23:29:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/18 19:58:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/18 19:58:29 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 04:47:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/05/23 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Alawar
[2011/11/02 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AlphaKimori2
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Aveyond 3
[2012/02/12 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG
[2012/05/03 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2011/11/26 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Big Fish Games
[2012/05/04 15:17:41 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DAEMON Tools Lite
[2012/04/23 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dekovir
[2009/09/21 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DeLorme
[2012/05/04 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dropbox
[2011/11/19 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\ERS Game Studios
[2012/04/23 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Games
[2011/02/20 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Ghost Ship Studios
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\HuruBeachParty
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Islands
[2010/11/14 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Leadertech
[2010/11/26 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\LEGO Company
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Lost in the City
[2012/04/23 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Neopets Toolbar
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\PathToSuccess
[2010/11/30 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Pony-World-Deluxe
[2012/05/11 01:09:42 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\QuickScan
[2011/08/05 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Skip-Bo
[2012/05/04 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2009/12/31 02:40:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Template
[2012/05/09 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Toshiba
[2011/09/04 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Visan
[2011/08/10 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Windows Live Writer
[2012/05/11 03:01:05 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BF3D0EA3
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A5388B43

< End of report >

Edited by Sarous, 11 May 2012 - 11:05 AM.

  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Looks like you are missing autochk.exe so let's see if OTL can find it for us:


Copy the text in the code box:

/md5start
autochk.exe
ioport.sys
/md5stop
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#37
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Logs:
OTL
Extras

OTL logfile created on: 11/05/2012 3:29:56 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 163.92 Gb Free Space | 73.11% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 22:19:37 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 17:43:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2012/05/11 12:13:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/13 12:01:26 | 009,037,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 21:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/18 23:29:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/18 23:29:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/10 23:42:54 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.musicfrost.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google Custom Search"
FF - prefs.js..browser.search.selectedEngine: "MFGSearch.NET"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..keyword.URL: "http://search.musicf...results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/23 22:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 22:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/03 22:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/03 22:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/03 22:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 23:52:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/03 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Extensions
[2012/05/11 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Firefox\Profiles\nt02ihvk.default\extensions
[2012/05/11 11:52:06 | 000,002,119 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\Mozilla\FireFox\Profiles\nt02ihvk.default\searchplugins\MFGSearch.xml
[2012/05/03 23:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/11 12:16:01 | 000,442,053 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 12:10:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/11 01:07:58 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\QuickScan
[2012/05/11 01:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/10 23:42:27 | 000,206,200 | ---- | C] (Sysinternals) -- C:\Users\Cougar\Desktop\Contig.exe
[2012/05/10 23:24:38 | 000,000,000 | R--D | C] -- C:\Users\Cougar\Desktop\Favorites
[2012/05/07 12:28:28 | 002,473,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/05/04 17:05:55 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/04 16:39:06 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2012/05/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Cougar\{7e015dc6-6631-47f4-b276-bc8c65c2f401}
[2012/05/04 01:54:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Mozilla
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\Mozilla
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 23:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\temp
[2012/05/03 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2012/05/03 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\AVG Secure Search
[2012/05/03 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/03 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/03 22:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/03 22:16:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/02 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Documents\C
[2012/04/30 21:48:27 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/04/30 21:47:48 | 000,093,696 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Yahoo!
[2012/04/30 19:43:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/30 18:21:02 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/30 18:12:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 17:57:06 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:25:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.svs
[2012/04/30 17:02:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 17:02:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 17:02:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 17:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 16:48:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 16:37:52 | 004,479,797 | R--- | C] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:25:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:24:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50D8000435DB0020086B570F1C8B
[2012/04/25 03:26:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/25 03:26:02 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/25 03:26:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/25 03:26:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/25 03:25:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/25 03:25:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/25 03:25:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/24 16:21:12 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/04/23 20:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 15:10:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 15:10:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 14:36:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 12:16:01 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/11 12:13:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/11 11:19:00 | 097,852,530 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/11 11:16:54 | 000,654,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 11:16:54 | 000,123,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 11:13:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 11:10:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 17:55:46 | 000,024,005 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/07 14:10:14 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120511-121601.backup
[2012/05/07 13:22:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/07 13:22:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/07 12:29:06 | 002,473,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:42:07 | 000,011,054 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2012/05/06 11:43:34 | 000,334,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/05 20:27:08 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120507-141014.backup
[2012/05/04 17:16:28 | 000,014,640 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/04 17:01:38 | 000,001,356 | ---- | M] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/04 01:45:26 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 23:33:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120505-202708.backup
[2012/05/01 01:15:30 | 000,015,264 | ---- | M] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 21:47:52 | 000,093,696 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 21:20:35 | 004,479,797 | R--- | M] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 20:53:09 | 000,000,937 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:43:03 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:58:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:52:56 | 000,000,818 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-214633.backup
[2012/04/30 16:30:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 23:42:33 | 000,492,488 | ---- | C] () -- C:\Users\Cougar\Desktop\PowerDefragmenter.exe
[2012/05/04 01:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/01 01:15:28 | 000,015,264 | ---- | C] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 20:53:09 | 000,000,937 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:07:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:52:56 | 000,000,818 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:02:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 17:02:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 17:02:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 17:02:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 17:02:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/16 16:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Cougar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 03:01:38 | 000,001,356 | ---- | C] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2010/11/28 16:58:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/22 00:31:59 | 000,007,164 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\UserTile.png
[2010/07/04 13:40:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/20 02:57:06 | 000,011,054 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2009/08/18 23:29:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/18 23:29:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/18 19:58:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/18 19:58:29 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 04:47:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========



< MD5 for: AUTOCHK.EXE >
[2009/04/11 01:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 01:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 05:24:00 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BF3D0EA3
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A5388B43

< End of report >
OTL Extras logfile created on: 11/05/2012 3:29:56 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 163.92 Gb Free Space | 73.11% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8E482A5C-63D2-487E-838D-082205EB01FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C079FEEC-52F4-4C6E-94F2-4B2C938E2F52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC028AC-0B58-4DCD-8EEF-6A23BB270B6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{10433038-5196-4621-B1AD-D2734BA827E0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{10AFE80A-E8DB-473B-B1C7-D30E9A211BC9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1977215F-2573-41E4-ACB9-E14E02F25DB1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1B52C3F2-E133-4DE3-BD56-5F21FAD700FA}" = protocol=6 | dir=in | app=c:\users\cougar\appdata\roaming\dropbox\bin\dropbox.exe |
"{24A3E9C5-EC17-42AC-B880-961F5BE19921}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{25DF0817-9FE3-4810-95BE-2447A1820435}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{26FD51CE-0416-46F0-BB3C-A3F9391B3148}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{299AC577-C992-4D07-9FBD-A17A89C32A28}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2C26BD51-5B9E-4907-AD08-80CF4A5C9190}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2C520548-C312-408B-A8C2-7FB85D579345}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{30F34643-7573-4760-BD6F-C5CC3612C7A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{31DAE6E4-CC0C-499D-80B5-D37EE027C0B1}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{376CEBC4-4944-4AFA-B08C-43F7F04EA97B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4A4D3683-1C2B-46D7-A091-11B95CD4E526}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4EFDDC38-5E33-4657-A572-64B4E58A2B29}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{505D0AB5-CD61-4933-8A34-4182DF6DE8B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{549159AE-2624-437A-8162-CA4E3F8EDA87}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5786A079-286E-45FF-9316-7B420CBD88A2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5840C15D-AF81-4FBE-B051-342217507753}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5F454DE0-4F3F-4526-9B35-459ECF6B6F6F}" = protocol=17 | dir=in | app=c:\users\cougar\appdata\roaming\dropbox\bin\dropbox.exe |
"{6054539E-71B6-4C40-BC3C-9DCAB320EE8B}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{63CFAB56-E2BF-4B3E-9B37-07A6E302194C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{692886A9-AFFE-4AF4-A1F4-370B193A430A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{6DDB132C-9A11-4E3C-9534-71D53F92773B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{76C9FF82-1146-42BE-B52E-B4F90DA95F4B}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{7E2E3141-7A56-4982-90ED-40976698E7B8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{85D19771-E1AA-4E3B-83ED-DBE42B09D4B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{86F60163-0631-4F6E-A0E3-D52F5251AE35}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8C293F73-1599-4E3A-957D-0BEEC9590E24}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{93622F5A-A880-42EA-891E-9AB6031897AC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{A341BB65-298D-4B2B-AE1A-233AE9841BB1}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{ADEC772F-AFE6-4436-93EC-5BF8BF42FD12}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B347DE1B-3009-4B1C-A13B-93C92742308D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B41051B2-D5BC-4970-82C0-20237577393A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{BB0EE90A-41DA-4761-B0AC-A376B9B4AE8E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BD5358FE-3408-4DCD-B60A-2C20526DC82A}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{BD6AEAEC-2B01-4690-861A-342D3ED33D94}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{CB9C99DA-226F-4296-A58F-D70C4FAE3A21}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{DE1C0775-A593-4A34-8959-7F27B57D3B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E835BD2D-B213-485B-A504-6D7C9C0B8DB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E917B7F7-069A-4FEC-9322-FE3D8435255B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{EE8AB93C-A6DB-4BCA-BFEE-DA51751FE77C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F04D53B1-F1EB-415D-BD3F-3DCFFDD7083B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F28F47F0-5553-43F5-A626-362588B19A83}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{FB7D8A2D-B2BC-4C43-8E9B-3B36CCF8DA19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"TCP Query User{68CE31BD-3A07-4952-BA55-17275F4D998F}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C6623EF8-ED84-4DEC-8E7C-4BC84C48F00C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74CD74F8-6A52-4EC6-8D1E-100D9D995582}" = e-Sword Bible Screen Saver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3561AD8-BDB2-467F-BB03-69B3890BEC36}" = DeLorme Street Atlas USA 2010 Plus
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AVG" = AVG 2012
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol™
"BFG-Azada - In Libro Collector's Edition" = Azada: In Libro Collector's Edition
"BFG-Brain Training for Dummies" = Brain Training for Dummies
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition" = Mystery Case Files&reg;: Escape from Ravenhearst™ Collector's Edition
"BFG-Tradewinds Caravans" = Tradewinds Caravans
"BFG-Wild West Story - The Beginning" = Wild West Story: The Beginning
"Bilbo: The Four Corners of the World" = Bilbo: The Four Corners of the World (remove only)
"Brainiversity" = Brainiversity (remove only)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy 2" = Cooking Academy 2 (remove only)
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Huru Beach Party" = Huru Beach Party (remove only)
"iWinArcade" = iWin Games (remove only)
"Jojo's Fashion Show: World Tour" = Jojo's Fashion Show: World Tour (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Tribe" = My Tribe (remove only)
"Neopets" = Neopets
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"New LEGO Digital Designer" = LEGO Digital Designer
"Nightmare Adventures: The Witch's Prison" = Nightmare Adventures: The Witch's Prison (remove only)
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"Pony World Deluxe" = Pony World Deluxe (remove only)
"RealPlayer 15.0" = RealPlayer
"SKIP-BO Castaway Caper" = SKIP-BO Castaway Caper (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Take Command 2nd Manassas_is1" = Take Command 2nd Manassas
"Turtix" = Turtix (remove only)
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 1.0.1
"Westward" = Westward (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/05/2012 12:47:37 AM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application Contig.exe, version 1.60.0.0, time stamp 0x4d02c0c4,
faulting module Contig.exe, version 1.60.0.0, time stamp 0x4d02c0c4, exception
code 0xc0000409, fault offset 0x00003133, process id 0x15dc, application start time
0x01cd2f312e32aea6.

Error - 11/05/2012 2:01:36 AM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/05/2012 2:39:40 AM | Computer Name = Cougar-PC | Source = VSS | ID = 8194
Description =

Error - 11/05/2012 2:45:17 AM | Computer Name = Cougar-PC | Source = VSS | ID = 8194
Description =

Error - 11/05/2012 2:46:00 AM | Computer Name = Cougar-PC | Source = VSS | ID = 8194
Description =

Error - 11/05/2012 12:10:51 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/05/2012 12:35:51 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module igdumdx32.dll, version 8.15.10.2555, time stamp 0x4e9734ed,
exception code 0xc0000005, fault offset 0x00009754, process id 0x1ec, application
start time 0x01cd2f941df5fd95.

Error - 11/05/2012 12:36:28 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application Contig.exe, version 1.60.0.0, time stamp 0x4d02c0c4,
faulting module Contig.exe, version 1.60.0.0, time stamp 0x4d02c0c4, exception
code 0xc0000409, fault offset 0x00003133, process id 0xd78, application start time
0x01cd2f94338d3655.

Error - 11/05/2012 12:52:15 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module igdumdx32.dll, version 8.15.10.2555, time stamp 0x4e9734ed,
exception code 0xc0000005, fault offset 0x00009754, process id 0x66c, application
start time 0x01cd2f96683c8205.

Error - 11/05/2012 4:28:26 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module igdumdx32.dll, version 8.15.10.2555, time stamp 0x4e9734ed,
exception code 0xc0000005, fault offset 0x00009754, process id 0x1124, application
start time 0x01cd2fb4968f9075.

[ System Events ]
Error - 07/05/2012 2:32:27 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 09/05/2012 8:22:51 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 09/05/2012 9:08:16 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 09/05/2012 10:03:05 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 09/05/2012 10:08:22 PM | Computer Name = Cougar-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 11/05/2012 12:08:36 AM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/05/2012 12:39:16 AM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/05/2012 2:01:45 AM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/05/2012 2:36:33 AM | Computer Name = Cougar-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 11/05/2012 12:11:01 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
See next post.
  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Download and Save the auto.zip file from the previous post. Right click on it and Extract All then find the auto.reg file and right click on it and Merge.

This just redoes the registry entry to make sure it's correct. The file is present in System32 where it should be. It's possible that the permissions on it are incorrect:

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\windows\system32\autochk.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Then run OTL, (right click and Run As Admin), Quickscan and post the log.
  • 0

#40
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
GrantPerms by Farbar
Ran by Cougar (administrator) at 2012-05-11 20:53:45

===============================================
\\?\c:\windows\system32\autochk.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


OTL logfile created on: 11/05/2012 8:54:26 PM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 163.93 Gb Free Space | 73.11% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 22:19:37 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 17:43:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/13 12:01:26 | 009,037,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 21:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/18 23:29:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/18 23:29:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/10 23:42:54 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.musicfrost.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google Custom Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..keyword.URL: "http://search.musicf...results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/23 22:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 22:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/03 22:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/03 22:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/03 22:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 23:52:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/03 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Extensions
[2012/05/11 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Firefox\Profiles\nt02ihvk.default\extensions
[2012/05/03 23:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/11 12:16:01 | 000,442,053 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 01:07:58 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\QuickScan
[2012/05/11 01:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/10 23:42:27 | 000,206,200 | ---- | C] (Sysinternals) -- C:\Users\Cougar\Desktop\Contig.exe
[2012/05/10 23:24:38 | 000,000,000 | R--D | C] -- C:\Users\Cougar\Desktop\Favorites
[2012/05/07 12:28:28 | 002,473,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/05/04 17:05:55 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/04 16:39:06 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2012/05/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Cougar\{7e015dc6-6631-47f4-b276-bc8c65c2f401}
[2012/05/04 01:54:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Mozilla
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\Mozilla
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 23:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\temp
[2012/05/03 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2012/05/03 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\AVG Secure Search
[2012/05/03 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/03 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/03 22:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/03 22:16:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/02 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Documents\C
[2012/04/30 21:48:27 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/04/30 21:47:48 | 000,093,696 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Yahoo!
[2012/04/30 19:43:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/30 18:12:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 17:57:06 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:02:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 17:02:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 17:02:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 17:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 16:48:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 16:37:52 | 004,479,797 | R--- | C] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:25:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:24:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50D8000435DB0020086B570F1C8B
[2012/04/23 20:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 20:48:05 | 000,654,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 20:48:05 | 000,123,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/11 20:44:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 20:42:29 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 20:42:29 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 20:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 19:02:10 | 097,897,706 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/11 16:36:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 12:16:01 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/07 17:55:46 | 000,024,005 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/07 14:10:14 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120511-121601.backup
[2012/05/07 12:29:06 | 002,473,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Cougar\Desktop\Procmon.exe
[2012/05/06 15:42:07 | 000,011,054 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2012/05/06 11:43:34 | 000,334,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/05 20:27:08 | 000,442,053 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120507-141014.backup
[2012/05/04 17:16:28 | 000,014,640 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/04 17:01:38 | 000,001,356 | ---- | M] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/04 01:45:26 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 23:33:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120505-202708.backup
[2012/05/01 01:15:30 | 000,015,264 | ---- | M] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 21:47:52 | 000,093,696 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 21:20:35 | 004,479,797 | R--- | M] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 20:53:09 | 000,000,937 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:43:03 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:58:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:52:56 | 000,000,818 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-214633.backup
[2012/04/30 16:30:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/10 23:42:33 | 000,492,488 | ---- | C] () -- C:\Users\Cougar\Desktop\PowerDefragmenter.exe
[2012/05/04 01:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/01 01:15:28 | 000,015,264 | ---- | C] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 20:53:09 | 000,000,937 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:07:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:52:56 | 000,000,818 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:02:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 17:02:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 17:02:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 17:02:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 17:02:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/16 16:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Cougar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 03:01:38 | 000,001,356 | ---- | C] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2010/11/28 16:58:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/22 00:31:59 | 000,007,164 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\UserTile.png
[2010/07/04 13:40:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/20 02:57:06 | 000,011,054 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2009/08/18 23:29:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/18 23:29:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/18 19:58:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/18 19:58:29 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 04:47:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/05/23 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Alawar
[2011/11/02 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AlphaKimori2
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Aveyond 3
[2012/02/12 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG
[2012/05/03 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2011/11/26 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Big Fish Games
[2012/05/04 15:17:41 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DAEMON Tools Lite
[2012/04/23 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dekovir
[2009/09/21 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DeLorme
[2012/05/04 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dropbox
[2011/11/19 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\ERS Game Studios
[2012/04/23 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Games
[2011/02/20 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Ghost Ship Studios
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\HuruBeachParty
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Islands
[2010/11/14 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Leadertech
[2010/11/26 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\LEGO Company
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Lost in the City
[2012/04/23 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Neopets Toolbar
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\PathToSuccess
[2010/11/30 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Pony-World-Deluxe
[2012/05/11 01:09:42 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\QuickScan
[2011/08/05 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Skip-Bo
[2012/05/04 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2009/12/31 02:40:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Template
[2012/05/09 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Toshiba
[2011/09/04 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Visan
[2011/08/10 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Windows Live Writer
[2012/05/11 19:23:10 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BF3D0EA3
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A5388B43

< End of report >
  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




attach the file \windows\logs\cbs\junk.txt to your next reply.


sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#42
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.

...

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

Everything to this point worked correctly

del  cbs.log

The process cannot access the file because it is being used by another process.
Skipped step after a dozen failed attempts

sfc  /scannow

"Beginning system scan. This process will take some time.
There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."

Advise? Also, curiously, every time I boot I'm now bombarded by two copies of desktop.ini

Edited by Sarous, 11 May 2012 - 08:49 PM.

  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
See if you have a file:

C:\windows\winsxs\pending.xml

Rename it to oldpending.xml.bad or just move it to a new folder.


It's probably a system hidden file so if you can't see it:

Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.
  • 0

#44
Sarous

Sarous

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
File is visible, this account has full admin privilages, and UAC is disabled; I've tried renaming, moving, outright deleting- "You need permission to perform this action."
  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Isn't Vista fun? You need to right click on the file and select Properties then Security then Advanced and Owner. Then Change Owner to Administrators or your own login. Then it should let you mess with it.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP