Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Really stubborn Malware [Solved]


  • This topic is locked This topic is locked

#1
Plastic Welshman

Plastic Welshman

    Member

  • Member
  • PipPip
  • 41 posts
At the end of my tether
Have been at this weeks!!
Symptoms
Turns off My Kaspersky Anti Virus software.
Won't allow me to visit any antivirus websites and microsoft.
Messed up Ghost 9.0 so that it cannot reconcile changes.
Messed up AVG Link Scanner so that it always wants to power down so that "updates" can be installed.
Have taken hard drive out and have cleaned it on an unaffected machine using:
Malware Bytes, Super Anti-Spyware, StopZilla, Kasperskey.
They found malware and removed it.
As soon as I plugged my hard drive back in and restarted it I was back at square one within 10 minutes.
Still no luck!
Help!!


OS Windows XP Pro

OTL Log

OTL logfile created on: 20/06/2012 17:09:57 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Mosley Family\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 65.17% Memory free
5.08 Gb Paging File | 3.95 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 233.20 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
Drive E: | 284.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MUESLI-677F0939 | User Name: Mosley Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 16:40:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
PRC - [2012/05/17 19:08:30 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/05/04 18:21:50 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/05/01 13:08:41 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/04/04 13:13:18 | 000,067,408 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/04/04 13:13:08 | 000,182,096 | R--- | M] (iS3, Inc.) -- c:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2012/03/26 09:40:04 | 009,532,824 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/09 18:56:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/13 12:50:36 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/09 21:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 20:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/05 13:56:48 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2008/06/03 12:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/01/28 12:55:10 | 001,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/01/24 18:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/05 15:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe
PRC - [2005/05/23 09:39:46 | 000,053,248 | R--- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2004/07/29 04:41:08 | 001,122,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
PRC - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 16:27:14 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/20 16:27:13 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/19 22:32:31 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/19 22:09:36 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/19 22:09:36 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/01 13:08:45 | 001,952,728 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/05/01 13:08:45 | 000,162,776 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/05/01 13:08:45 | 000,021,976 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/04/04 13:06:14 | 000,139,264 | R--- | M] () -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZEngine.dll
MOD - [2012/03/19 11:26:44 | 000,008,608 | ---- | M] () -- C:\Program Files\Innovative Solutions\DriverMax\sync.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libBase64.dll
MOD - [2012/01/09 18:56:50 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2010/02/05 19:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/07/29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/22 15:53:50 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\hcwChDB.dll
MOD - [2008/01/28 12:55:10 | 001,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2008/01/24 18:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
MOD - [2008/01/18 00:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\cpuutil.dll
MOD - [2008/01/16 20:08:46 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/02/28 13:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2006/02/28 13:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2006/02/28 13:00:00 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2006/02/28 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/01/11 00:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005/06/23 01:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\PowerDll.dll
MOD - [2005/03/25 22:42:50 | 000,363,520 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll
MOD - [2004/08/04 01:56:58 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\MSDvbNP.ax
MOD - [2004/08/04 01:56:58 | 000,033,280 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/19 22:32:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 18:21:50 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 13:13:18 | 000,067,408 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\usbaucmd.sys -- (usbaucmd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/24 19:01:23 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/29 16:36:48 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/09 10:22:00 | 007,586,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2012/02/23 15:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/10/05 12:00:07 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/07/30 14:13:44 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/05/27 12:11:54 | 000,096,896 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/05/27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/05/27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/05/27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/05/27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/18 21:21:26 | 000,182,400 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2008/04/18 21:21:08 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2008/04/18 21:21:04 | 000,320,256 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2008/04/18 21:20:52 | 000,012,928 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2007/12/18 01:14:04 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/20 13:35:10 | 001,656,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2007/07/29 10:51:10 | 000,048,896 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/06/19 09:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 09:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 09:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 09:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 09:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007/06/13 10:08:46 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/05/14 10:12:28 | 003,526,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007/03/15 14:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2007/02/02 14:38:22 | 000,474,368 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 16:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/05/08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005/05/23 09:39:44 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/07/29 04:13:28 | 000,046,779 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2002/05/02 12:07:00 | 000,030,920 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search....rch.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search....rch.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search....rch.linkury.com
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001e8cbdd3a7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-11-08 21:07:57&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B51110A6-F783-4A87-AC2D-36220C232B70}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1.30
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://cloud-search....linkury.com&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 12:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/13 12:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 18:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2019/05/25 22:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/13 12:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/08 12:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions
[2010/09/08 12:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/10/05 17:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions\[email protected]
[2012/04/26 14:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions
[2011/12/08 22:17:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/06/08 22:38:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/27 17:18:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/28 12:22:08 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2012/04/26 14:17:23 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\[email protected]
[2010/05/04 09:43:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\[email protected]
[2012/04/09 20:08:25 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\searchplugins\Linkury Smartbar Search.xml
[2012/04/09 19:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/10 15:14:58 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/09 19:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/04/19 18:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/19 18:31:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/13 12:51:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/01/27 17:18:31 | 000,519,540 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MOSLEY FAMILY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5OJQTQH8.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/03 23:46:00 | 000,337,047 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MOSLEY FAMILY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5OJQTQH8.DEFAULT\EXTENSIONS\[email protected]
[2012/02/01 12:11:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/22 11:33:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/24 20:42:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/05/24 20:42:46 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/05/24 20:42:50 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2009/09/01 22:32:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/09 18:56:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/06/10 09:39:33 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\mozilla firefox\plugins\NPMySrch.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/15 08:02:35 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/09 19:25:44 | 000,002,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/01/09 18:56:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 18:56:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: My Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2006/02/28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [XgtTiuor] C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Mosley Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mosley Family\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\WinTV\Scheduler\scheduler.exe (Hauppauge Computer Works)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...IMIESRCHie7.cab (SearchCD Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: NameServer = 212.74.112.66,212.74.112.67
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe) - C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/13 11:47:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/27 07:59:10 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/08/14 10:23:39 | 000,000,000 | R--D | M] - E:\AutoUpd -- [ CDFS ]
O33 - MountPoints2\{03145327-094b-11dd-8feb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{03145327-094b-11dd-8feb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{359b6ea4-0d98-11de-a921-001e8cbdd3a7}\Shell\AutoRun\command - "" = L:\Toshiba\more4you.exe
O33 - MountPoints2\{e955a86a-7f2f-11e9-a106-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e955a86a-7f2f-11e9-a106-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e955a86a-7f2f-11e9-a106-806d6172696f}\Shell\AutoRun\command - "" = E:\CTRun\Start.exe -- [2006/04/13 02:00:00 | 000,057,344 | R--- | M] (Creative Technology Ltd.)
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 16:40:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
[2012/06/20 16:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/19 22:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\SUPERAntiSpyware.com
[2012/06/19 22:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/19 22:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/19 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/19 21:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/05/29 03:17:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/27 16:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\Malwarebytes
[2012/05/25 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/25 21:43:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/25 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/25 19:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Start Menu\Programs\SpyHunter
[2012/05/25 19:16:11 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/25 19:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/25 19:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/25 18:15:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mosley Family\Start Menu\Programs\Administrative Tools
[2012/05/24 21:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/05/24 20:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\AVG
[2012/05/24 20:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/05/24 19:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/05/24 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/05/24 19:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/05/24 19:01:23 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/05/23 18:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Ghost
[2012/05/22 19:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/20 16:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/20 16:40:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
[2012/06/20 16:37:45 | 000,146,817 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\AVGInstLog.cab
[2012/06/20 16:28:48 | 000,001,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/06/20 16:28:06 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 16:26:58 | 000,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/20 16:26:19 | 000,009,516 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2012/06/20 16:25:55 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-448539723-839522115-1003.job
[2012/06/20 16:25:54 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 16:25:53 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
[2012/06/20 16:25:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 22:32:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/19 22:32:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/19 22:09:15 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/19 21:53:14 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/27 19:19:38 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/27 18:00:14 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/05/27 16:58:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 21:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/25 19:16:13 | 000,001,999 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\SpyHunter.lnk
[2012/05/24 21:30:38 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/24 21:30:38 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/24 20:41:54 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/05/24 20:41:53 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/05/24 19:01:23 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/05/22 11:52:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-448539723-839522115-1003.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/20 16:37:45 | 000,146,817 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\AVGInstLog.cab
[2012/06/20 16:27:57 | 000,001,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/06/19 22:09:15 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/25 21:47:19 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/25 21:43:46 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 19:16:13 | 000,001,999 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\SpyHunter.lnk
[2012/05/24 21:31:47 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
[2012/05/24 21:30:38 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/24 21:30:38 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/24 19:04:52 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/05/24 19:04:51 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/20 16:10:08 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/04/14 16:47:24 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2012/04/14 16:47:24 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2012/04/14 16:47:19 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2012/04/14 16:47:19 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2012/04/09 19:26:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012/04/09 19:26:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/11/08 22:31:26 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\WebpageIcons.db
[2011/08/12 22:38:09 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2010/09/16 18:55:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Mosley Family\My Documents\Tofino 015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Mosley Family\My Documents\savetheantelope.mpg:TOC.WMV
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EFC7295
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Extras.txt File


OTL Extras logfile created on: 20/06/2012 17:09:57 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Mosley Family\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 65.17% Memory free
5.08 Gb Paging File | 3.95 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 233.20 Gb Free Space | 50.07% Space Free | Partition Type: NTFS
Drive E: | 284.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MUESLI-677F0939 | User Name: Mosley Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1040:TCP" = 1040:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\setup\HPZNET01.EXE" = H:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\setup\HPZnet01.exe" = E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\MSN BackUp\MSNBackup.exe" = C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp -- (Leonardo Bai)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}" = Skins
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{14378007-ACD5-2482-33A1-F79289A452E7}" = Catalyst Control Center Graphics Full Existing
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EA29B6A-EF86-4F7C-9F70-71A446F37F4E}" = Become A Human Body Explorer
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C216C29-D74B-4ACF-852A-82C4F3EED2F7}" = Copy
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}" = Catalyst Control Center Graphics Light
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E05249B-CC02-40E7-85B6-29627BFE9454}" = Scan
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.081
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}" = Catalyst Control Center Graphics Full New
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager
"{68C83D63-C661-C444-7E60-E0328D842ECB}" = ccc-core-preinstall
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}" = ccc-core-static
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B55A60-5E51-11D4-A766-00C00C02EDEF}" = Nancy Drew: Message in a Haunted Mansion
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7CFD1028-F6C9-4b3c-BD20-51D56E7C7C8D}" = HP Scanjet 3770
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}" = CCC Help English
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = VIMICRO USB PC Camera V
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2273570-B532-4F8D-892E-14999C591E25}" = Kruptos 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}" = USB PC Camera VC305
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Genesys USB Mass Storage Device
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B4CDFECB-0A6F-45D6-BE36-B3DCB8367076}" = Dovada Calculator
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCB002B8-493D-4C3F-A968-774FC0881033}" = Nero 7 Essentials
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDFE199D-E889-4BB6-BECB-C4BDF5700849}" = Documents To Go
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CAF76A13-FA1A-4659-95CB-6F8FDE6BA030}" = hpg3770
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D3161124-2B4D-478F-901A-D21BCAD72C7E}" = Addit
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DE3283DF-2228-4E95-90B0-3F8B37C524AB}" = Guillemot Force Feedback Joystick Drivers
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}" = Watchtower Library 2011 - English
"{EEE76149-DC7F-4D3E-B021-6152DF574FA6}" = Pippa Funnell - Secrets of the Ranch
"{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}" = Pippa Funnell
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F43120F7-7DBF-4E10-BC9B-19373989AAFF}_is1" = Windows Password Unlocker Standard Demo 5.0.0.0
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{F73920B1-FD39-6893-4E9B-748311B666AF}" = Catalyst Control Center Graphics Previews Common
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"7-Zip" = 7-Zip 4.44 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"AVG" = AVG 2012
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DataRecov" = Sondle Data Recovery Assist
"Deep Space 3D Screensaver_is1" = Deep Space 3D Screensaver 1.0
"DMX5_is1" = DriverMax 6
"Earth 3D Screensaver_is1" = Earth 3D Screensaver 1.0
"ExpressRip" = Express Rip
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FPAdjust" = FPAdjust
"Gmail Password Recovery" = Gmail Password Recovery (remove only)
"Google Chrome" = Google Chrome
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Image Zone 4.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Key Stage 3 Science" = Key Stage 3 Science
"KS3PhysicsDemo_1.0_is1" = Focus on KS3 Physics (demo)
"Lagoon 3D Screensaver_is1" = Lagoon 3D Screensaver 1.0
"Life A-Level Mathematics" = Life A-Level Mathematics
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"MagicDisc 2.7.97" = MagicDisc 2.7.97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-GB)" = Mozilla Thunderbird 12.0.1 (x86 en-GB)
"MP3 Disc Burner_is1" = MP3 Disc Burner 1.85
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MSN BackUp" = MSN BackUp 1.3.2
"MSNINST" = MSN
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Alarm Clock" = PC Alarm Clock
"PDFlite" = PDFlite 0.6
"Perfect Alarm Clock" = Perfect Alarm Clock
"Pippa Funnell 3" = Pippa Funnell 3
"ProjectX_0" = ProjectX 0.90.4.00
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.0.3
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"TMSExplorer" = TMS Explorer
"TomTom HOME" = TomTom HOME 2.8.1.2218
"ToolBox" = NCH Toolbox
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.1.0
"Uru - Ages Beyond Myst" = Uru - Ages Beyond Myst
"USB-706 Vibration Joystick" = USB-706 Vibration Joystick
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Voyage of Columbus 3D Screensaver_is1" = Voyage of Columbus 3D Screensaver 1.0
"VST Bridge_is1" = VST Bridge 1.1
"VTPlus32 for WinTV (English)" = VTPlus32 for WinTV (English)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Password Recovery Tool 3.0" = Windows Password Recovery Tool 3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7bec2f28b4901877" = satellitetvcube
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/05/2019 17:02:34 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:02:39 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:43 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 25/05/2019 17:02:58 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:03:23 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:03:46 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

[ Application Events ]
Error - 25/05/2019 17:02:34 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:02:39 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:43 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 25/05/2019 17:02:44 | Computer Name = MUESLI-677F0939 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 25/05/2019 17:02:58 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:03:23 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

Error - 25/05/2019 17:03:46 | Computer Name = MUESLI-677F0939 | Source = Norton Ghost 9.0 | ID = 100
Description = Description: Unable to successfully reconcile changes since last session.
Unable to enumerate the current drives on this system. Cannot initialize the Storage
Management Engine. Details: Unspecified error Source: Norton Ghost 9.0

[ System Events ]
Error - 25/02/2012 12:01:50 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/02/2012 13:13:54 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/02/2012 14:13:57 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/02/2012 15:25:54 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/02/2012 16:26:05 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/02/2012 17:26:08 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 26/02/2012 15:49:13 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 26/02/2012 17:24:23 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 08/03/2012 10:44:42 | Computer Name = MUESLI-677F0939 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ELEANOR-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E725B942-BB4D-4B5. The master browser is stopping or an election is
being forced.

Error - 25/05/2019 17:01:33 | Computer Name = MUESLI-677F0939 | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.


< End of report >

Edited by Plastic Welshman, 20 June 2012 - 10:35 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah mysteries I like those.. Is Kaspersky able to run at all as I would like to use that - it will not require updating

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001e8cbdd3a7
    [2012/04/09 20:08:25 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\searchplugins\Linkury Smartbar Search.xml
    [2012/04/09 19:25:44 | 000,002,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKCU..\Run: [XgtTiuor] C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe) - C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
    [2012/05/22 19:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.zip from my site here to your desktop
Unzip aswMBR and run as below

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

FINALLY

Creating an AVZ Sysinfo log using KAV/KIS 2009, 2010 or 2011

To create an AVZ logfile, please launch Kaspersky and click on "Support" in the bottom left hand corner of the main screen.
Then click on "Support Tools".
A new window will open, and underneath the "Actions" heading you will find a button labelled "Create system state report".
Click this button to create the AVZ sysinfo log.

Once your system has been analysed, click on "View" in order to open the logfile location.
The logfile should be located in C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\AVZ folder for Windows XP and will be called sysinfo.zip (for Windows Vista/7 this will be C:\ProgramData\Kaspersky Lab\AVP11\AVZ).
Please collect this file, and attach it to your post/topic.
  • 0

#3
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Kaspersky is not operational. Its starts up and then disappears!
Shall I proceed with the other instructions?
  • 0

#4
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
By the way I had to rename the malwarebytes executable to sausages.exe to get it to work otherwise the malware prevents it from working!!
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes continue with OTL and aswMBR - but you can rename aswMBR
  • 0

#6
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Disabled Malwarebytes
Rebooted
Run OTL Ran script rebooted
Run OTL on quick scan

Here is the Log

OTL logfile created on: 20/06/2012 19:48:14 - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Mosley Family\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.29% Memory free
5.08 Gb Paging File | 4.33 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 233.92 Gb Free Space | 50.22% Space Free | Partition Type: NTFS
Drive E: | 284.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MUESLI-677F0939 | User Name: Mosley Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 16:40:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/05/04 18:21:50 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/04/04 13:13:18 | 000,067,408 | R--- | M] (iS3, Inc.) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/09 18:56:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/13 12:50:36 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/09 21:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 20:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/05 13:56:48 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
PRC - [2008/06/03 12:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/01/28 12:55:10 | 001,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/01/24 18:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/05 15:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe
PRC - [2005/05/23 09:39:46 | 000,053,248 | R--- | M] (General) -- C:\WINDOWS\system32\umonit.exe
PRC - [2004/07/29 04:41:08 | 001,122,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
PRC - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/04 13:06:14 | 000,139,264 | R--- | M] () -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZEngine.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\STOPzilla!\VIPRE\libBase64.dll
MOD - [2012/01/09 18:56:50 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2010/02/05 19:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/07/29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/04/22 15:53:50 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\hcwChDB.dll
MOD - [2008/01/28 12:55:10 | 001,413,120 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2008/01/24 18:53:16 | 000,613,376 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
MOD - [2008/01/18 00:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\cpuutil.dll
MOD - [2008/01/16 20:08:46 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2006/02/28 13:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2006/02/28 13:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2006/02/28 13:00:00 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2006/02/28 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/01/11 00:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005/06/23 01:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.59\PowerDll.dll
MOD - [2005/03/25 22:42:50 | 000,363,520 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll
MOD - [2004/08/04 01:56:58 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\MSDvbNP.ax
MOD - [2004/08/04 01:56:58 | 000,033,280 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/19 22:32:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 18:21:50 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 13:13:18 | 000,067,408 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\usbaucmd.sys -- (usbaucmd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/24 19:01:23 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/29 16:36:48 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2012/03/27 17:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/03/09 10:22:00 | 007,586,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2012/02/23 15:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/10/05 12:00:07 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/07/30 14:13:44 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/05/27 12:11:54 | 000,096,896 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/05/27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/05/27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/05/27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/05/27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/18 21:21:26 | 000,182,400 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2008/04/18 21:21:08 | 000,012,288 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2008/04/18 21:21:04 | 000,320,256 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2008/04/18 21:20:52 | 000,012,928 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2007/12/18 01:14:04 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/20 13:35:10 | 001,656,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2007/07/29 10:51:10 | 000,048,896 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/06/19 09:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 09:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 09:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 09:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 09:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007/06/13 10:08:46 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/05/14 10:12:28 | 003,526,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007/03/15 14:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2007/02/02 14:38:22 | 000,474,368 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftav.sys -- (vvftav)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/18 16:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 16:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 16:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/05/08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005/05/23 09:39:44 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor)
DRV - [2004/08/13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/07/29 04:13:28 | 000,046,779 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2002/05/02 12:07:00 | 000,030,920 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search....rch.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search....rch.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search....rch.linkury.com
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-11-08 21:07:57&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B51110A6-F783-4A87-AC2D-36220C232B70}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1.30
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://cloud-search....linkury.com&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 12:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/13 12:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/05/24 20:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 18:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2019/05/25 22:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/13 12:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/08 12:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions
[2010/09/08 12:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/10/05 17:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Extensions\[email protected]
[2012/04/26 14:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions
[2011/12/08 22:17:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/06/08 22:38:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/27 17:18:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/28 12:22:08 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2012/04/26 14:17:23 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\[email protected]
[2010/05/04 09:43:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\extensions\[email protected]
[2012/04/09 19:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/10 15:14:58 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/09 19:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/04/19 18:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/19 18:31:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/13 12:51:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/01/27 17:18:31 | 000,519,540 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MOSLEY FAMILY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5OJQTQH8.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/03 23:46:00 | 000,337,047 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MOSLEY FAMILY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5OJQTQH8.DEFAULT\EXTENSIONS\[email protected]
[2012/02/01 12:11:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/22 11:33:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/24 20:42:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/05/24 20:42:46 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/05/24 20:42:50 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2009/09/01 22:32:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/09 18:56:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2008/06/10 09:39:33 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\mozilla firefox\plugins\NPMySrch.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/15 08:02:35 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/09 18:56:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 18:56:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: My Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2012/06/20 19:46:42 | 000,000,123 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [XgtTiuor] C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Mosley Family\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mosley Family\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\WinTV\Scheduler\scheduler.exe (Hauppauge Computer Works)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...IMIESRCHie7.cab (SearchCD Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: NameServer = 212.74.112.66,212.74.112.67
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe) - C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mosley Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/13 11:47:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/27 07:59:10 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/08/14 10:23:39 | 000,000,000 | R--D | M] - E:\AutoUpd -- [ CDFS ]
O33 - MountPoints2\{03145327-094b-11dd-8feb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{03145327-094b-11dd-8feb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{359b6ea4-0d98-11de-a921-001e8cbdd3a7}\Shell\AutoRun\command - "" = L:\Toshiba\more4you.exe
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 19:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\pachxufb
[2012/06/20 19:41:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/20 16:40:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
[2012/06/19 22:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\SUPERAntiSpyware.com
[2012/06/19 22:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/19 22:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/19 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/19 21:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/05/29 03:17:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/27 16:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\Malwarebytes
[2012/05/25 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/25 21:43:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/25 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/25 19:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Start Menu\Programs\SpyHunter
[2012/05/25 19:16:11 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/25 19:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/25 19:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/25 18:15:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mosley Family\Start Menu\Programs\Administrative Tools
[2012/05/24 21:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/05/24 20:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Application Data\AVG
[2012/05/24 20:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/05/24 19:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/05/24 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/05/24 19:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/05/24 19:01:23 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/05/23 18:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Ghost

========== Files - Modified Within 30 Days ==========

[2012/06/20 19:52:42 | 002,107,728 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\aswMBR.zip
[2012/06/20 19:47:28 | 000,001,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/06/20 19:46:42 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/20 19:46:28 | 000,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/20 19:46:01 | 000,009,528 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2012/06/20 19:45:40 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-448539723-839522115-1003.job
[2012/06/20 19:45:38 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 19:45:38 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
[2012/06/20 19:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/20 19:28:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 18:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/20 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/06/20 16:40:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mosley Family\Desktop\OTL.exe
[2012/06/20 16:37:45 | 000,146,817 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\AVGInstLog.cab
[2012/06/19 22:09:15 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/19 21:53:14 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/27 19:19:38 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/27 16:58:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 21:04:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/25 19:16:13 | 000,001,999 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\SpyHunter.lnk
[2012/05/24 21:30:38 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/24 21:30:38 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Mosley Family\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/24 20:41:54 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/05/24 20:41:53 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/05/24 19:01:23 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/05/22 11:52:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-448539723-839522115-1003.job

========== Files Created - No Company Name ==========

[2012/06/20 19:52:45 | 002,107,728 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\aswMBR.zip
[2012/06/20 19:46:48 | 000,001,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/06/20 16:37:45 | 000,146,817 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\AVGInstLog.cab
[2012/06/19 22:09:15 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/25 21:47:19 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/25 21:43:46 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 19:16:13 | 000,001,999 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\SpyHunter.lnk
[2012/05/24 21:31:47 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
[2012/05/24 21:30:38 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/24 21:30:38 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/24 19:04:52 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/05/24 19:04:51 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/20 16:10:08 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/04/14 16:47:24 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2012/04/14 16:47:24 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2012/04/14 16:47:19 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2012/04/14 16:47:19 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2012/04/09 19:26:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012/04/09 19:26:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011/11/08 22:31:26 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mosley Family\Local Settings\Application Data\WebpageIcons.db
[2011/08/12 22:38:09 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2010/09/16 18:55:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll

========== LOP Check ==========

[2012/05/25 19:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/12/06 23:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/04/09 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/02/02 17:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/02/17 23:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/12/07 12:28:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/05 13:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2011/05/21 23:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/06/17 21:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/04/14 18:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2008/05/05 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/06/10 09:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/10/05 11:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2012/06/20 19:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2012/06/20 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/07/30 14:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/17 23:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/04/29 11:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/08 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pippa Funnell - Secrets of the Ranch
[2010/05/02 15:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/06/20 19:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/02/05 17:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2012/06/20 19:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/14 18:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/05/23 14:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Ace
[2008/10/14 11:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Audacity
[2012/05/24 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\AVG
[2011/10/18 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\AVG2012
[2012/04/09 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Babylon
[2010/09/23 10:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Desktopicon
[2008/10/02 14:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\HiYo
[2008/10/05 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\HotSync
[2008/04/13 12:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\IsolatedStorage
[2008/10/05 13:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Leadertech
[2008/12/20 11:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\LumaPix
[2009/09/22 20:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\NCH Swift Sound
[2012/04/09 19:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\OpenCandy
[2009/02/14 11:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\OpenOffice.org
[2008/08/24 11:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Opera
[2012/04/09 19:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\pdfforge
[2012/04/09 19:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\PDFlite
[2008/07/10 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Snapfish
[2012/04/14 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\SystemRequirementsLab
[2009/02/05 17:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Teleca
[2010/09/08 12:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Thunderbird
[2009/10/05 17:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\TomTom
[2011/01/25 18:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mosley Family\Application Data\Watchtower
[2012/06/20 19:45:38 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
[2012/06/20 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/01/16 04:55:03 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Mosley Family\My Documents\Tofino 015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Mosley Family\My Documents\savetheantelope.mpg:TOC.WMV
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EFC7295
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was aswMBR able to run ?
  • 0

#8
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
aswMBR.exe log
  • 0

#9
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Yes I will attach the file again.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you copy and paste as the attachment failed
  • 0

Advertisements


#11
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here it is!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 20:10:15
-----------------------------
20:10:15.906 OS Version: Windows 5.1.2600 Service Pack 2
20:10:15.906 Number of processors: 2 586 0x1706
20:10:15.906 ComputerName: MUESLI-677F0939 UserName: Mosley Family
20:10:17.078 Initialize success
20:10:19.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:10:19.171 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
20:10:19.187 Disk 0 MBR read successfully
20:10:19.187 Disk 0 MBR scan
20:10:19.187 Disk 0 Windows XP default MBR code
20:10:19.187 Disk 0 Partition 1 80 (A) 06 FAT16 NTFS 476937 MB offset 63
20:10:19.187 Disk 0 scanning sectors +976768065
20:10:19.328 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:26.796 Service scanning
20:10:31.750 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
20:10:31.765 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
20:10:31.812 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
20:10:31.828 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:10:38.406 Modules scanning
20:10:43.078 Disk 0 trace - called modules:
20:10:43.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:10:43.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b24f2b0]
20:10:43.109 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000007e[0x8b2bd710]
20:10:43.109 5 ACPI.sys[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b1ca940]
20:10:43.109 Scan finished successfully
20:11:06.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mosley Family\Desktop\MBR.dat"
20:11:06.843 The log file has been saved successfully to "C:\Documents and Settings\Mosley Family\Desktop\aswMBRPlasticWelshman1.txt"
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will need to use a stronger programme as one of the registry entries resisted moving

When you download combofix rename it to Gotcha please

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#13
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Followed instructions ran combofix
It started scanning and then I left it to have a drink.
When I came back the machine was rebooting
When windows loaded the combofix box said that it was preparing the log file, please wait.
Unfortunately stopzilla identified a virus and I blocked it not realising that it was combofix it was identifying as a Trojan
I exited stopzilla and stopped it's scan
I checked the location for the combofixlog file, but none was present!
  • 0

#14
Plastic Welshman

Plastic Welshman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I allowed the machine to reboot and ran Combofix again.
Don't know if I should have done that.
Anyway here is the log

ComboFix 12-06-20.02 - Mosley Family 20/06/2012 21:56:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2550 [GMT 1:00]
Running from: c:\documents and settings\Mosley Family\Desktop\Gotcha.exe
AV: Kaspersky Internet Security *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mosley Family\Local Settings\Application Data\axbcctbn.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\buqrabeh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\eqrjlpnl.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\lwupdjfe.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\nplmpljh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe
c:\documents and settings\Mosley Family\Local Settings\Application Data\reecrujf.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\yhwojtwq.log
.
---- Previous Run -------
.
c:\documents and settings\Mosley Family\Local Settings\Application Data\axbcctbn.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\buqrabeh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\eqrjlpnl.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\lwupdjfe.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\nplmpljh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe
c:\documents and settings\Mosley Family\Local Settings\Application Data\reecrujf.log
c:\documents and settings\Mosley Family\My Documents\FortHill_Territory.jpg
C:\hosts
c:\windows\system32\Cache\107b54c91497c3ee.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8ed3ec438a494775.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 18:45 . 2012-06-20 21:04 -------- d-----w- c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb
2012-06-20 18:41 . 2012-06-20 18:41 -------- d-----w- C:\_OTL
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\SUPERAntiSpyware.com
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-19 20:48 . 2012-06-19 20:48 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-27 15:56 . 2012-05-27 15:56 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\Malwarebytes
2012-05-25 20:43 . 2012-05-25 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-25 20:43 . 2012-05-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 20:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 18:16 . 2012-05-25 18:16 110080 ----a-r- c:\documents and settings\Mosley Family\Application Data\Microsoft\Installer\{B3CB613C-58D3-4692-B2DA-8F3EAC6288D4}\IconF7A21AF7.exe
2012-05-25 18:16 . 2012-05-25 18:16 110080 ----a-r- c:\documents and settings\Mosley Family\Application Data\Microsoft\Installer\{B3CB613C-58D3-4692-B2DA-8F3EAC6288D4}\IconD7F16134.exe
2012-05-25 18:16 . 2012-05-25 18:16 110080 ----a-r- c:\documents and settings\Mosley Family\Application Data\Microsoft\Installer\{B3CB613C-58D3-4692-B2DA-8F3EAC6288D4}\IconCF33A0CE.exe
2012-05-25 18:16 . 2012-05-25 18:16 -------- d-----w- C:\sh4ldr
2012-05-25 18:16 . 2012-05-25 18:16 -------- d-----w- c:\program files\Enigma Software Group
2012-05-25 18:15 . 2012-05-25 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-24 19:25 . 2012-05-24 21:01 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\AVG
2012-05-24 19:11 . 2012-05-25 08:54 -------- d-----w- c:\documents and settings\Mosley Family\Local Settings\Application Data\LogMeIn Rescue Applet
2012-05-24 18:04 . 2012-05-24 19:41 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-05-24 18:04 . 2012-05-24 19:41 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-05-24 18:02 . 2012-06-20 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-05-24 18:02 . 2012-05-24 18:02 -------- d-----w- c:\program files\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 21:32 . 2012-04-05 10:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 21:32 . 2011-06-17 08:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 15:26 . 2012-04-14 15:26 657822 ----a-w- c:\windows\P5KC-1203.zip
2012-04-14 15:07 . 2012-04-14 15:07 1409 ----a-w- c:\windows\QTFont.for
2012-04-04 12:13 . 2012-04-04 12:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 12:13 . 2012-04-04 12:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 12:13 . 2012-04-04 12:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 15:36 . 2012-03-29 15:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 16:03 . 2008-04-13 11:04 6100072 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-01-09 17:56 . 2011-04-02 19:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Akamai NetSession Interface"="c:\documents and settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 3906944]
"XgtTiuor"="c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe" [2012-06-20 87776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2005-05-23 53248]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-13 296056]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Scheduler.lnk - c:\progra~1\WinTV\SCHEDU~1\scheduler.exe [2009-2-15 4700712]
xgttiuor.exe [2012-5-22 87776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-2-15 110647]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-10-5 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb\xgttiuor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mosley Family^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mosley Family^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 11:13 1957888 ----a-r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 06:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 17:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 14:15 61440 ----a-w- c:\windows\VM305_STI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2005-12-12 08:36 143360 ------w- c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 13:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Alarm Clock]
2006-02-02 13:36 1254400 ----a-w- c:\program files\PC Alarm Clock\pcalarmclock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-03-14 12:40 20065896 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 11:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 17:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN BackUp\\MSNBackup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Documents and Settings\\Mosley Family\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [24/02/2012 15:28 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [29/03/2012 16:36 72080]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [15/02/2009 17:41 12928]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 04:13 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18/04/2012 10:20 101112]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [15/02/2009 18:11 437248]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [04/05/2012 18:21 737184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27/07/2005 17:25 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27/07/2005 17:25 36352]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [13/04/2008 12:05 38656]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [05/02/2009 18:14 6016]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [15/02/2009 17:41 182400]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [15/02/2009 17:41 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [15/02/2009 17:41 320256]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [15/02/2009 17:41 74624]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [15/02/2009 17:41 394880]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [15/02/2009 17:41 17280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/05/2012 21:43 22344]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27/07/2005 17:25 77056]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [24/02/2012 15:28 99728]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [18/04/2012 22:09 102728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2009 16:22 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/05/2012 21:43 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 11:50 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/04/2012 16:10 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16/04/2012 12:23 99856]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2009 16:22 133104]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [27/10/2009 16:43 30920]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/02/2009 17:30 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/02/2009 17:30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/02/2009 17:30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/02/2009 17:30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/02/2009 17:30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/02/2009 17:30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/02/2009 17:30 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [02/02/2009 17:30 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [02/02/2009 17:30 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [02/02/2009 17:30 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [02/02/2009 17:30 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [02/02/2009 17:30 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [02/02/2009 17:30 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [02/02/2009 17:30 117672]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [20/05/2008 17:16 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [20/05/2008 17:16 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [20/05/2008 17:16 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [20/05/2008 18:24 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [20/05/2008 18:24 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [20/05/2008 18:23 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [20/05/2008 18:24 97704]
S3 usbaucmd;usbaucmd;c:\windows\system32\drivers\usbaucmd.sys --> c:\windows\system32\drivers\usbaucmd.sys [?]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [19/04/2009 19:54 474368]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [16/09/2010 18:55 391688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:32]
.
2012-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-20 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-24 16:20]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 15:22]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 15:22]
.
2012-06-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]
.
2012-01-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
2012-06-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-448539723-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-448539723-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: NameServer = 212.74.112.66,212.74.112.67
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-HiYo - c:\program files\HiYo\bin\HiYo.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WindowsLivePhone - c:\progra~1\WINDOW~4\MESSEN~1\DEVICE~1\msgrdvmn.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-20 22:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?1??$?\???8?????????$?8?????$?C?US????8???UB????????????????????????????A~????????????tq??l??????|p??|????m??|??D~??????????$?B$?|??B~??B~*?,???$???????????????????????????????B~????????????tq??????T???????????tq??????L??????
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)[email protected]?Y????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-448539723-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:22,62,e5,92,41,cb,fb,3d,21,4a,d6,7b,48,99,35,fe,14,1e,e4,e1,29,bc,69,
cd,1e,39,51,4b,9a,7c,ea,d7,3d,58,5d,4c,6f,f9,d0,24,76,17,b4,51,e8,9a,22,a1,\
"??"=hex:16,10,91,32,90,a8,f8,b3,2f,a3,c0,66,2e,9e,28,65
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\ASUS\AASP\1.00.59\aaCenter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-20 22:14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 21:14
.
Pre-Run: 250,963,349,504 bytes free
Post-Run: 250,639,200,256 bytes free
.
- - End Of File - - 1C50B725E19E22274A08BBA6B0FE943B
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem.. One more quick run with combofix now. Once this has completed can you let me know how the system is behaving

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb
c:\documents and settings\Mosley Family\Application Data\Microsoft\Installer\{B3CB613C-58D3-4692-B2DA-8F3EAC6288D4}

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XgtTiuor"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP