unwanted login screen keeps showing



#1
mike12r

  • Member
  • 27 posts
Hi, I recently started having a problem with an "authentication required" screen that keeps showing up when I open my Firefox browser. I've never used this or heard of the site asking for the information and don't know why it is now showing up on my computer. My computer is also noticeably slower at times and did shut down for no reason, so I'm wondering if I have a hidden virus or program or if something else is trying to get my information. Also, my AVG suddenly became corrupted for no reason, which I had to reinstall, so that's strange. Can anybody help with this? Thanks so much.

#2
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello mike12r and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Download aswMBR.exe (4.8 MB) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


# Step 2 #

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#4
mike12r

  • Topic Starter
  • Member
  • 27 posts
Hi, I have the scan results from the programs mentioned:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 20:37:45
-----------------------------
20:37:45.843 OS Version: Windows 5.1.2600 Service Pack 3
20:37:45.843 Number of processors: 2 586 0x4802
20:37:45.843 ComputerName: YOUR-7117B9CB05 UserName: Owner
20:38:07.437 Initialize success
20:39:00.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:39:00.281 Disk 0 Vendor: Hitachi_HTS541616J9AT00 SB4OA70H Size: 152627MB BusType: 3
20:39:00.343 Disk 0 MBR read successfully
20:39:00.343 Disk 0 MBR scan
20:39:00.343 Disk 0 unknown MBR code
20:39:00.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145612 MB offset 14346045
20:39:00.390 Disk 0 Partition 2 00 0B FAT32 RECOVERY 7004 MB offset 63
20:39:00.421 Disk 0 scanning sectors +312560640
20:39:00.625 Disk 0 scanning C:\WINDOWS\system32\drivers
20:40:02.531 Service scanning
20:41:18.703 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
20:41:25.140 Modules scanning
20:42:06.734 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
20:42:08.750 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
20:42:08.765 Disk 0 trace - called modules:
20:42:08.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:42:08.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a777ab8]
20:42:08.828 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000b2[0x8a7609e8]
20:42:08.843 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a760d98]
20:42:08.859 Scan finished successfully
20:42:56.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\MBR.dat"
20:42:56.593 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\aswMBR - log 6-12.txt"




OTL logfile created on: 6/10/2012 8:45:53 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 55.93% Memory free
3.72 Gb Paging File | 2.54 Gb Available in Paging File | 68.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 60.99 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.63 Gb Free Space | 67.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-7117B9CB05 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 20:39:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\OTL.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/09/29 11:02:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2010/06/26 12:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/19 17:11:32 | 000,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/12/19 17:11:26 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/09/06 17:14:18 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007/09/06 17:14:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2006/10/11 13:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/25 16:07:56 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/05/23 21:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/04/07 16:02:24 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/27 12:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/05/19 16:59:03 | 000,176,128 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/10 14:00:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sol.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/17 19:01:04 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_33e75f86\system.drawing.dll
MOD - [2012/05/17 19:01:00 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_8aa26ffe\system.windows.forms.dll
MOD - [2012/05/17 19:00:49 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/05/17 18:50:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5d704e1d\mscorlib.dll
MOD - [2012/05/17 18:49:54 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_273cea29\system.xml.dll
MOD - [2012/05/17 18:49:38 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_642cab8c\system.dll
MOD - [2012/05/17 18:49:27 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/05/17 18:49:24 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/04/16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/06 17:15:50 | 000,194,032 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2007/09/06 17:15:50 | 000,046,576 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2007/09/06 17:15:50 | 000,026,096 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2007/09/06 17:15:48 | 000,144,880 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2007/09/06 17:15:48 | 000,026,096 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2007/09/06 17:13:58 | 000,796,048 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
MOD - [2007/03/02 00:54:32 | 000,657,920 | ---- | M] () -- C:\Program Files\File Shredder\fsshell.dll
MOD - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/09/19 17:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/06/18 23:32:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/18 23:32:01 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/06/18 23:32:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (YLXIBJ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE %C:\WINDOWS%\System32\bcmwltry.exe -- (wltrysvc)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/27 02:18:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/29 11:02:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/06 17:14:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2006/09/25 16:07:56 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UWProSys)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PORTMON)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/07 19:25:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/09 18:01:10 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2010/06/09 18:01:10 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2010/06/06 22:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/02 21:31:08 | 000,063,488 | ---- | M] (VerySoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\verysplitpro.sys -- (VERYSPLITPRO)
DRV - [2008/05/08 16:13:16 | 000,060,288 | ---- | M] (VerySoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\verysplit.sys -- (VERYSPLIT)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/25 16:46:32 | 000,015,360 | ---- | M] (VerySoft LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsaudio.sys -- (VSAudio)
DRV - [2007/09/06 17:14:28 | 000,395,080 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/06/11 13:44:10 | 000,050,416 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/06/27 08:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\superwebcam.sys -- (SUPERWEBCAM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/16 09:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/29 17:43:16 | 000,030,296 | ---- | M] (Eagletron Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dvdriver.sys -- (DVDRIVER)
DRV - [2003/01/16 14:48:46 | 000,245,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndp202.sys -- (SNDP202) Dual Mode Camera (8008 VGA)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pgatour.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=PTB&M=MX6453
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6453
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=PTB&M=MX6453
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6453
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pgatour.com/
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\{0BC87AC8-4DCA-4BFE-859E-6D624E0D32C9}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\{2880F229-672A-422A-9911-1877833B57D5}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-02 04:54:32&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\SearchScopes\Google: "URL" = http://www.google.co...&rlz=1I7GWYE_en
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.pgatour.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=12: C:\Program Files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/19 17:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/03 20:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/07 19:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 02:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 19:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0b2\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/10/29 04:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0b2\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2012/04/17 19:16:36 | 000,000,000 | ---D | M]

[2010/01/10 05:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Extensions
[2010/01/10 05:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Extensions\[email protected]
[2012/06/01 01:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions
[2011/06/10 15:34:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/03/16 17:01:42 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2011/03/03 17:58:29 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/04/10 04:06:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2)
[2011/02/06 13:13:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/01/20 18:55:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/12 16:43:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\[email protected]
[2011/02/06 13:13:22 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\[email protected](2).beard
[2012/03/18 15:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/03 20:25:48 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/07 19:20:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/05/17 18:43:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/04/27 02:18:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/23 17:21:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/11/27 18:15:36 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2012/03/02 05:54:04 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/27 02:18:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/27 02:18:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/11 15:56:42 | 000,435,931 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15008 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\Toolbar\WebBrowser: (Splitcam DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam DB Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BeeWallpapers] C:\Program Files\Bee Wallpapers\BeeWallpapers.exe (beewallpapers.com)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKLM..\Run: [WxEx] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [AvgRemover] C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Financial Files & Records\Defragment & Scan Files\avg_remover_stf_x86_2012_2125.exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\Owner.YOUR-7117B9CB05\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/DDD%20Pool/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Value error.)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernet...urferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://taturousushi....1/bl_camera.cab (Bl_camera Control)
O16 - DPF: {88E154C5-316F-47C4-8275-53BCF30586EC} http://nettrooper.se.../SSMActivex.cab (SSMMainForm Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://ebdemo.8800.o...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://taturousushi....et/JpegInst.cab (pmjpegcam Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D78C166-89B5-4066-BBF2-2AED67182972}: DhcpNameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D78C166-89B5-4066-BBF2-2AED67182972}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{506B92FB-A770-49DE-B465-8EA15A95D517}: DhcpNameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E2C4D29-4052-4AA7-944B-661691C43E89}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B99AA079-B9C5-4367-B258-3D89376775CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B99AA079-B9C5-4367-B258-3D89376775CE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA241928-BDCD-46F0-8367-D29353F2E79A}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:1 () - http://ebdemo.8800.o...x.shtml?id=1595
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 20:39:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\OTL.exe
[2012/06/10 20:36:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\aswMBR.exe
[2012/06/07 19:25:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/07 19:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/06/07 19:18:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/06/03 20:25:32 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/30 22:56:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Recent
[2012/05/23 21:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\cce_2.4.225190.192_x32
[2012/05/23 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Avira
[2012/05/23 19:14:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/05/23 19:14:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/05/23 19:14:15 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/05/23 19:14:14 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/23 19:14:14 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/23 19:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/23 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/05/14 20:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Instant Messenger
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 21:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{27BE6D67-7A37-48D8-BA87-35590B662B7F}.job
[2012/06/10 21:19:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/10 20:42:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\MBR.dat
[2012/06/10 20:39:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\OTL.exe
[2012/06/10 20:37:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\aswMBR.exe
[2012/06/10 20:36:28 | 000,019,172 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\aswMBRscan.png
[2012/06/10 20:34:03 | 100,160,397 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/08 18:08:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/08 00:46:21 | 000,353,248 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/06/08 00:44:34 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 00:43:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/08 00:43:30 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 00:15:23 | 002,983,076 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/06/08 00:15:22 | 224,007,200 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/06/07 21:34:06 | 000,178,051 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Retail price list GD.pdf
[2012/06/07 19:25:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/07 19:09:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 17:32:50 | 000,008,180 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/05/23 19:14:48 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/05/22 17:37:03 | 000,001,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 3.0.lnk
[2012/05/21 20:39:20 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/05/21 20:39:03 | 000,731,564 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/21 20:39:03 | 000,182,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 22:57:42 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/05/19 18:28:30 | 000,010,593 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/05/18 18:30:24 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 20:45:20 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Popgamebox.lnk
[2012/05/17 19:15:11 | 000,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/17 19:11:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/14 13:52:49 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 20:42:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\MBR.dat
[2012/06/10 20:36:23 | 000,019,172 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\aswMBRscan.png
[2012/06/10 20:34:03 | 100,160,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/07 21:34:06 | 000,178,051 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Retail price list GD.pdf
[2012/05/23 19:14:48 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/05/23 18:34:53 | 000,298,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 02:35:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/30 08:30:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/01 11:55:49 | 000,108,544 | ---- | C] () -- C:\WINDOWS\IEcheck.exe
[2010/12/18 15:06:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/15 20:18:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\housecall.guid.cache
[2010/10/16 00:31:03 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Hitachi HTS541616J9AT00
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 142.00GB
Starting Offset: 7345175040
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/22 09:06:19 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/23 18:37:49 | 000,000,154 | ---- | M] () -- C:\DVDRipper_debug.txt
[2008/08/02 01:45:53 | 000,004,804 | ---- | M] () -- C:\GoogleUpdater_Download
[2012/06/08 00:43:30 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/09/25 15:59:11 | 000,001,193 | -H-- | M] () -- C:\IPH.PH
[2012/03/29 19:17:26 | 000,000,004 | -H-- | M] () -- C:\ldk
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/08 20:38:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/08 00:43:28 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/02/03 00:26:47 | 000,010,302 | ---- | M] () -- C:\RootRepeal report 02-02-10 (23-26-47).txt
[2010/10/16 02:10:12 | 000,010,455 | ---- | M] () -- C:\Setup Log.txt
[2008/07/28 18:19:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/28 22:57:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/07/29 22:12:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/07/30 13:40:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/07/30 16:27:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/10/10 19:10:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/10 21:21:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/01/20 03:43:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/01/20 03:44:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/10/28 23:02:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/06/26 18:23:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/06/26 18:24:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/06/30 11:51:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/06/30 11:53:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/07/03 22:02:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/07/04 17:08:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/07/20 13:23:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/07/22 20:49:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/07/23 22:08:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/07/24 18:06:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/07/28 18:19:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/07/28 22:57:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/07/29 22:12:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/07/30 13:40:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/07/30 16:27:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/10/10 19:10:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/10 21:21:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/01/20 03:43:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/01/20 03:44:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/10/28 23:02:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/06/26 18:23:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/06/26 18:24:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/06/30 11:51:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/06/30 11:53:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/07/03 22:02:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/07/04 17:08:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/07/20 13:23:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/07/22 20:49:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/07/23 22:08:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/07/24 18:06:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/08/27 18:33:32 | 000,000,156 | ---- | M] () -- C:\YServer.txt
[2010/04/01 23:35:33 | 000,014,949 | ---- | M] () -- C:\ZB20100401233440001.xml
[2010/06/16 23:37:06 | 000,019,582 | ---- | M] () -- C:\ZB20100616233544001.xml
[2010/07/09 23:26:02 | 000,010,090 | ---- | M] () -- C:\ZB20100709232525001.xml
[2010/09/22 23:45:03 | 000,013,028 | ---- | M] () -- C:\ZB20100922234418001.xml
[2011/01/10 19:15:19 | 000,008,169 | ---- | M] () -- C:\ZB20110110181453001.xml
[2011/04/10 22:39:09 | 000,007,830 | ---- | M] () -- C:\ZB20110410223847001.xml
[2011/06/10 15:17:16 | 000,007,943 | ---- | M] () -- C:\ZB20110610151645001.xml
[2011/11/17 15:16:45 | 000,010,768 | ---- | M] () -- C:\ZB20111117141613001.xml
[2011/11/17 15:54:40 | 000,016,559 | ---- | M] () -- C:\ZB20111117145319001.xml
[2011/11/18 12:54:33 | 000,000,383 | ---- | M] () -- C:\ZB20111118115432001.xml
[2011/11/18 13:29:26 | 000,000,383 | ---- | M] () -- C:\ZB20111118122925001.xml
[2011/11/27 16:13:01 | 000,001,389 | ---- | M] () -- C:\ZB20111127151258001.xml

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\avgidshx.sys
[2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avkmgr.sys
[2012/06/08 00:15:22 | 224,007,200 | -HS- | M] () -- C:\WINDOWS\system32\drivers\fidbox.dat
[2012/06/08 00:15:23 | 002,983,076 | -HS- | M] () -- C:\WINDOWS\system32\drivers\fidbox.idx
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/06/07 19:25:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %PROGRAMFILES%\*.* >
[2007/01/18 21:50:44 | 000,401,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\3DwindowsXP.exe
[2007/02/09 03:13:25 | 000,000,043 | ---- | M] () -- C:\Program Files\blank.gif
[2007/01/25 06:06:18 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2007/11/17 01:05:06 | 000,011,217 | ---- | M] () -- C:\Program Files\hijackthis.log
[2007/01/17 18:59:26 | 000,430,634 | ---- | M] () -- C:\Program Files\lolinst2578318.exe
[2000/12/11 10:13:54 | 001,955,840 | ---- | M] (eFront Media, Inc.) -- C:\Program Files\POWERARC.EXE
[2007/01/18 01:37:43 | 001,626,624 | ---- | M] () -- C:\Program Files\RhapsodyPlayerEngine_gt.msi
[2007/02/09 03:13:24 | 000,269,424 | ---- | M] (The Weather Channel Interactive) -- C:\Program Files\TheWeatherChannel_dw5_Stubweather5.exe
[2008/03/15 18:17:00 | 000,005,632 | -HS- | M] () -- C:\Program Files\Thumbs.db
[2007/01/18 22:36:04 | 011,628,032 | ---- | M] () -- C:\Program Files\VideoScreensaver.msi
[2007/01/18 20:54:51 | 039,994,008 | ---- | M] () -- C:\Program Files\zlsSetup_70_302_000_en.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /HideShortcuts [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /ShowShortcuts [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /SetAsDefaultAppGlobal [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\open\command\\: C:\Program Files\Netscape\Navigator 9\navigator.exe [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\properties\command\\: "C:\Program Files\Netscape\Navigator 9\navigator.exe" -preferences [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\safemode\command\\: "C:\Program Files\Netscape\Navigator 9\navigator.exe" -safemode [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGA~1.EXE\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/27 02:18:11 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/27 02:18:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /HideShortcuts [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /ShowShortcuts [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe" /SetAsDefaultAppGlobal [2007/07/10 14:33:33 | 000,425,211 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\open\command\\: C:\Program Files\Netscape\Navigator 9\navigator.exe [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\properties\command\\: "C:\Program Files\Netscape\Navigator 9\navigator.exe" -preferences [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGATOR.EXE\shell\safemode\command\\: "C:\Program Files\Netscape\Navigator 9\navigator.exe" -safemode [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\NAVIGA~1.EXE\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE [2007/07/10 14:33:30 | 007,954,432 | ---- | M] (Netscape)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/06/05 21:37:51 | 000,949,104 | ---- | M] (Opera Software)

========== Files - Unicode (All) ==========
[2011/12/29 16:09:50 | 000,000,384 | ---- | M] ()(C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Bún Th?t Nu?ng.txt) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Bún Thịt Nướng.txt
[2011/12/21 02:01:33 | 000,302,592 | ---- | M] ()(C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Penang Hokkien Mee ????.doc) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Penang Hokkien Mee 福建虾面.doc
[2011/12/21 02:01:32 | 000,302,592 | ---- | C] ()(C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Penang Hokkien Mee ????.doc) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Penang Hokkien Mee 福建虾面.doc
[2011/09/10 04:09:45 | 000,000,384 | ---- | C] ()(C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Bún Th?t Nu?ng.txt) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\Bún Thịt Nướng.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpgldfsh.scr:SummaryInformation
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C

< End of report >




OTL Extras logfile created on: 6/10/2012 8:45:53 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 55.93% Memory free
3.72 Gb Paging File | 2.54 Gb Available in Paging File | 68.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 60.99 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.63 Gb Free Space | 67.88% Space Free | Partition Type: FAT32

Computer Name: YOUR-7117B9CB05 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Change Folder Background...] -- "C:\Program Files\SodaBush\Windowpaper XP v1.01\wpxp.exe" /folderPath:%1 (SodaBush Development)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1159217872\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1159217872\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Opera 10.50 Beta\opera.exe" = C:\Program Files\Opera 10.50 Beta\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\LimeWire\LimeWire.exe" = C:\Documents and Settings\Owner.YOUR-7117B9CB05\Desktop\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C0CB1D-FF49-43F1-ADC5-65F05DB7BDD1}" = ATI Catalyst Control Center
"{0BE09C85-033C-4DDA-AE0F-DDEB2C3898C8}" = Weather Exchange
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6219D629-2E91-4439-9D1B-7DE27D5ABCBB}" = Bee Wallpapers
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{66D97020-1814-4DA8-A2AC-7CAED535F2D1}" = VideoCam Suite 3.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80CE352B-9086-44FC-BD57-BD6CFA4C9AB1}" = SodaBush Windowpaper XP v1.01
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B5FE5F5A-94DB-44DA-964E-FC2A06A0FB58}_is1" = PopGameBox
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69BB189-4B20-46AE-93CF-59099F05FC3F}" = OutlookTools 2
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Dual Mode Camera (8008 VGA)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F20ED089-F3B4-4188-AE44-E9C567FA5E66}" = EGS Recipe Center
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"3D Windows XP" = 3D Windows XP Screen Saver
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"Any to Icon" = Any to Icon
"Any Video Converter_is1" = Any Video Converter 3.0.3
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"Avira AntiVir Desktop" = Avira Free Antivirus
"AXIS Camera Server Control" = AXIS Camera Server Control
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BigFix" = BigFix
"Blue Skies College Edition" = Blue Skies College Edition
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Camfrog 6.0" = Camfrog Video Chat 6.0
"Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner (remove only)
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"CSCLIB" = Canon Camera Support Core Library
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Setup.divx.com" = DivX Setup
"DVDFab 8 Qt_is1" = DVDFab 8.1.0.0 (16/06/2011) Qt
"E.E.S.E.E." = E.E.S.E.E.
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"EOS Utility" = Canon Utilities EOS Utility
"File Shredder_is1" = File Shredder 2.0
"FLV Player" = FLV Player 2.0, build 23
"Freecorder4.02" = Freecorder 4.02 Application
"Google Updater" = Google Updater
"gtw_logo" = gtw_logo
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InterActual Player" = InterActual Player
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LHTTSENG" = L&H TTS3000 British English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Netscape Navigator (9.0b2)" = Netscape Navigator (9.0b2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.60.1185" = Opera 11.60
"Panda ActiveScan" = Panda ActiveScan
"PBS1e_1.0" = Practice of Business Statistics
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ROXIO_PRISM_V4_0" = PhotoSuite 4 (Remove Only)
"SaveVid Plug-in" = SaveVid Plug-in
"Scenic- Happy Thanksgiving Wallpaper" = Scenic- Happy Thanksgiving Wallpaper
"SereneScreen Marine Aquarium 2.6, LifeGlobe Gold~81774502_is1" = Marine Aquarium 2.6, Goldfish Aquarium 2 & Sharks, Terrors of t
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Splitcam DB Toolbar" = Splitcam DB Toolbar
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"vShare" = vShare Plugin
"Walgreens PhotoShow Express" = Walgreens PhotoShow Express
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Weather Plus Desktop Weather" = Weather Plus Desktop Weather
"WeatherBug" = WeatherBug
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935100244-3539384628-2548627660-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3584952854.www1.movie-promo.com" = PNY Movie Player
"Analog Clock" = Analog Clock
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Radio_FM Player" = Radio_FM Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2012 1:06:49 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4016

Error - 6/10/2012 6:43:51 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/10/2012 6:43:51 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2125

Error - 6/10/2012 6:43:51 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2125

Error - 6/10/2012 6:43:53 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/10/2012 6:43:53 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4110

Error - 6/10/2012 6:43:53 AM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4110

Error - 6/10/2012 4:36:38 PM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/10/2012 4:36:38 PM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2172

Error - 6/10/2012 4:36:38 PM | Computer Name = YOUR-7117B9CB05 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2172

[ System Events ]
Error - 6/8/2012 1:46:00 AM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7000
Description = The Broadcom Wireless LAN Tray Service service failed to start due
to the following error: %%2

Error - 6/8/2012 1:46:00 AM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7000
Description = The DVDRIVER service failed to start due to the following error: %%1058

Error - 6/8/2012 1:46:13 AM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg

Error - 6/8/2012 7:09:18 PM | Computer Name = YOUR-7117B9CB05 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/8/2012 7:09:18 PM | Computer Name = YOUR-7117B9CB05 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2012 7:24:19 PM | Computer Name = YOUR-7117B9CB05 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/8/2012 7:24:19 PM | Computer Name = YOUR-7117B9CB05 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2012 7:26:41 PM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 6/9/2012 11:39:15 PM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 6/10/2012 3:14:48 PM | Computer Name = YOUR-7117B9CB05 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >
  • 0

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You have two antivirus programs installed on your computer (AVG 2012 and Avira). Please uninstall one of them, because having both installed brings no benefit for computer security. Besides, they can compete with each other for system resources. More than one AV running has been known to produce false positives, and you end up with less protection.

Besides this, you have a lot of security software installed on your computer.
  • Ad-Aware SE Personal
  • IObit Malware Fighter
  • Malwarebytes Anti-Malware version 1.61.0.1400
  • SpywareBlaster 4.1
  • SpywareGuard v2.2
  • ZoneAlarm

I suggest you uninstall most of them.

# Step 1 #
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

# Step 2 #

Please go to: VirusTotal
  • Click the Choose File button and search for the following file (one by one):

    C:\WINDOWS\System32\drivers\dxgthk.sys
    C:\WINDOWS\system32\ntdll.dll

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and paste the link (URL) with the results.

# Step 3 #

Please reopen OTL on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (YLXIBJ)
    FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
    [2010/03/16 17:01:42 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Application Data\Mozilla\Firefox\Profiles\v6psdf2v.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
    [2012/03/02 05:54:04 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-1935100244-3539384628-2548627660-1006\..\Toolbar\WebBrowser: (Splitcam DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Splitcam DB Toolbar\tbcore3.dll ()
    [2007/01/17 18:59:26 | 000,430,634 | ---- | M] () -- C:\Program Files\lolinst2578318.exe
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#6
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I have a major problem now. I ran the OTL fixes as mentioned and now my computer is completely messed up - the program menu is changed, almost all my files and folders in my documents folder and computer are gone, my desktop picture is gone and most of my icons and documents on it are also gone, my taskbar has almost nothing, Firefox is completely empty of all information and bookmarks... basically, I'd rather have my computer back to what it was a few minutes ago, because now I have almost nothing from before???



I also got error messages during the OTL fix.....see attached jpg.... this is not the only folder missing, almost all my information, folders - files, documents have now vanished from my computer after running OTL....

How do I get my computer back to whatever it was??? Also, I can't find system restore anymore, because it has now vanished from my start menu - program list, so I can't even use that...

Attached Thumbnails

  • 14.JPG

Edited by mike12r, 11 June 2012 - 10:22 PM.

  • 0

#7
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Another update: all of my Microsoft Office is gone and I found system restore after doing a file search, but after running it and choosing several restore points dating back to April and May, it says that system restore is unsuccessful in restoring to an earlier point - so that looks useless now. My C drive shows that there is 84.4GB of used space - so it looks like most of my files and folders could be somewhere inaccessible, but everything is screwed up and scrambled by OTL, including system restore.
  • 0

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.


  • 0

#9
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
So what has happened to my computer - can you please explain - I'd like to know what's going on? Why are all my files and folders missing - error messages, everything is wrong and MS Office and programs don't work anymore. Is this supposed to happen? My computer was more normal before. I will run the program shortly....
  • 0

#10
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I can't even run the program that you posted, please see image, Windows won't let me...

Attached Thumbnails

  • 153.JPG

  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Disable AVG and IE smart filter. There is no way that the small OTL fix could have done this. The signs are that you have contracted the HDD virus since the initial OTL log.
Running RogueKiller will restore the hidden files/folders.
  • 0

#12
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi,
what is an HDD virus :unsure: ....
is it gone from the computer, thanks.

How do I disable the smart filter - I didn't know I had one with these.


I tried running RogueKiller again and the computer said it was stopping the process because of some data execution prevention and I got an application error message that I attached here....

Edited by mike12r, 13 June 2012 - 10:35 PM.

  • 0

#13
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
The message says: "The memory could not be "written". Click on OK to terminate the program." :confused: Not sure why it's doing this.

Attached Thumbnails

  • message1.JPG

Edited by mike12r, 13 June 2012 - 11:12 PM.

  • 0

#14
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I got another weird message when running the delete button on RogueKiller.... it was from: Visual Studio Just-In-Time Debugger. Not sure if the delete worked.

Attached Thumbnails

  • another weird message.JPG

  • 0

#15
mike12r

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I am attaching the reports that I got from roguekiller:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 06/13/2012 23:33:44

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Financial Files & Records\Defragment & Scan Files\avg_remover_stf_x86_2012_2125.exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\Documents and Settings\All Users\Application Data\AVG2012\") -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541616J9AT00 +++++
--- User ---
[MBR] 066baec7920b5163c84ce8ef8c6e6d39
[BSP] db63615aa66f3fdfa2e467ad7beb91fe : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14346045 | Size: 145612 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7004 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 06/13/2012 23:41:06

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (C:\Documents and Settings\Owner.YOUR-7117B9CB05\My Documents\Financial Files & Records\Defragment & Scan Files\avg_remover_stf_x86_2012_2125.exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\Documents and Settings\All Users\Application Data\AVG2012\") -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541616J9AT00 +++++
--- User ---
[MBR] 066baec7920b5163c84ce8ef8c6e6d39
[BSP] db63615aa66f3fdfa2e467ad7beb91fe : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14346045 | Size: 145612 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7004 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/13/2012 23:49:28

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Owner.YOUR-7117B9CB05\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 68 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 31 / Fail 0
My documents: Success 7 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2114 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0
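
Added example, not part of the original thread and not RogueKiller's own code: a Python check that reconciles the registry entries flagged in the Scan report against the Remove report, and totals the attribute-restore counts from the Shortcuts HJfix report. The sample text is abridged from the three reports posted above (the AvgRemover command line is shortened and section markers are dropped); the function names are illustrative.

```python
import re

# Constructed input: lines abridged from RKreport[1..3] in the post above.
# The long AvgRemover command line is shortened; statuses are as posted.
SCAN_REPORT = r"""Mode: Scan -- Date: 06/13/2012 23:33:44
[SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (avg_remover_stf_x86_2012_2125.exe /run_number=2) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

REMOVE_REPORT = r"""Mode: Remove -- Date: 06/13/2012 23:41:06
[SUSP PATH] HKLM\[...]\RunOnce : AvgRemover (avg_remover_stf_x86_2012_2125.exe /run_number=2) -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

HJFIX_REPORT = """Mode: Shortcuts HJfix -- Date: 06/13/2012 23:49:28
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 68 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 31 / Fail 0
My documents: Success 7 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2114 / Fail 0
Backup: [NOT FOUND]
"""

# "[TAG] key : name (data) -> STATUS" with an optional "(new value)" suffix.
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<name>\S+) \((?P<data>.*)\) -> "
    r"(?P<status>[A-Z]+)(?: \((?P<new>[^)]*)\))?$",
    re.MULTILINE,
)
ATTR_RE = re.compile(
    r"^(?P<where>[A-Za-z ]+): Success (?P<ok>\d+) / Fail (?P<bad>\d+)$",
    re.MULTILINE,
)

# Statuses that the Remove report in this thread uses for a handled entry.
HANDLED = {"DELETED", "REPLACED"}


def parse_registry(report):
    """Return {(key, value name): fields} for every registry line in a report."""
    entries = {}
    for m in ENTRY_RE.finditer(report):
        entries[(m["key"], m["name"])] = {
            "tag": m["tag"],
            "data": m["data"],
            "status": m["status"],
            "new": m["new"],
        }
    return entries


def reconcile(scan_report, remove_report):
    """Map each entry found by the scan to what the remove run did with it."""
    after = parse_registry(remove_report)
    outcome = {}
    for ident in parse_registry(scan_report):
        later = after.get(ident)
        if later is None:
            outcome[ident] = "absent from remove report"
        elif later["status"] in HANDLED:
            outcome[ident] = later["status"].lower()
        else:
            outcome[ident] = "unresolved (" + later["status"] + ")"
    return outcome


def attribute_totals(report):
    """Return per-location (success, fail) counts plus overall totals."""
    rows = {m["where"]: (int(m["ok"]), int(m["bad"]))
            for m in ATTR_RE.finditer(report)}
    total_ok = sum(ok for ok, _ in rows.values())
    total_bad = sum(bad for _, bad in rows.values())
    return rows, total_ok, total_bad


if __name__ == "__main__":
    for (key, name), result in reconcile(SCAN_REPORT, REMOVE_REPORT).items():
        print(f"{key} : {name} -> {result}")
    _, ok, bad = attribute_totals(HJFIX_REPORT)
    print(f"attributes restored: {ok}, failed: {bad}")
```

Any entry reported as unresolved or absent, or a non-zero fail count, is a reason to ask for a fresh scan before treating the cleanup as complete.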





