Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

fbi money pan, no safe networking mode [Solved]


  • This topic is locked This topic is locked

#16
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Please note there was no box "scan 64bit users' in the olt userinteface. I ran the scan, but only received one file.I searched my computer for the file name Extras.txt but it was not found.

I did receive an open txt file upon the OLT completion, but it was not named extras but olt. I did rename that one, but it's probably a copy of the olt.txt file. I will include it to be safe.

OTL logfile created on: 4/24/2013 10:13:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.84% Memory free
3.35 Gb Paging File | 2.60 Gb Available in Paging File | 77.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 272.70 Gb Total Space | 221.07 Gb Free Space | 81.07% Space Free | Partition Type: NTFS
Drive D: | 6.74 Gb Total Space | 0.67 Gb Free Space | 9.99% Space Free | Partition Type: FAT32

Computer Name: ANNE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
PRC - c:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_elementtree.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32api.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_socket.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32ts.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._html2.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32crypt.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_ctypes.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32profile.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._core_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_ssl.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._misc_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_hashlib.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pythoncom27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32security.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32process.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32pdh.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._windows_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._wizard.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32file.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32inet.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._controls_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\unicodedata.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pyexpat.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32event.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\select.pyd ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\Common Files\LightScribe\LSPrtEn.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSCAPI.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSDrComm.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSSProxy.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSLog.dll ()
MOD - C:\WINDOWS\system32\vbicodec.ax ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater15.0.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PGMTrusted) -- C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.Sys File not found
DRV - (X4HS32Ex) -- C:\Program Files\Free Ride Games\X4HS32Ex.Sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (X4HSEx_Pr143) -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys (Exent Technologies Ltd.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CXTUNE) -- C:\WINDOWS\system32\drivers\cx88tune.sys (Conexant Systems, Inc.)
DRV - (CX88ENC) -- C:\WINDOWS\system32\drivers\cx88enc.sys (Conexant Systems, Inc.)
DRV - (CXAVXBAR) -- C:\WINDOWS\system32\drivers\cxavxbar.sys (Conexant Systems, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cua.edu/
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-09-12 02:04:58&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{C4C819E5-F6A1-4826-BB52-EBBEDFE6A572}: "URL" = http://www.google.co...&rlz=1I7RNWE_en
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 09:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/24 16:52:10 | 000,000,000 | ---D | M]

[2010/07/11 22:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/10 20:22:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [q] "xidpwooedd.exe" File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1)" -"http://clubgames.pog...=pAllGames_lnk" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Updates from HP.lnk = File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1032 (SonyOnlineInstallerX)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344474360075 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pog...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} https://www.msishopp...geUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://clubgames.pog...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-game...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://clubgames.pog...sh.1.0.0.15.cab (CPlayFirstParkingDasControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E76E1D9-062E-4EE5-A1AE-373FC027275D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/24 22:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2013/04/23 21:44:41 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/22 18:08:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/05 08:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/01 19:19:36 | 000,000,000 | ---D | C] -- C:\1fca4a979587afe1b176b92e79876fe7
[2005/08/29 23:17:12 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe

========== Files - Modified Within 30 Days ==========

[2013/04/24 22:10:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2013/04/24 22:03:37 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
[2013/04/24 22:03:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/24 22:03:19 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
[2013/04/24 22:01:41 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/04/24 22:01:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/24 22:01:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/24 22:01:10 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 20:22:44 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 15:46:13 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/22 20:40:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/12 19:42:03 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/04/10 03:30:23 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 03:12:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 03:11:31 | 000,000,215 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/04/05 08:20:18 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk

========== Files Created - No Company Name ==========

[2013/04/10 03:11:31 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/12/27 14:20:03 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/27 14:19:52 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sound.mp3
[2012/12/27 14:19:47 | 000,114,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/08/16 17:49:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\dt.dat
[2011/10/22 17:23:56 | 000,000,460 | ---- | C] () -- C:\Program Files\1022201117235656.bat
[2011/09/19 11:18:08 | 000,000,446 | ---- | C] () -- C:\Program Files\0919201111180848.bat
[2011/09/01 17:23:05 | 000,000,453 | ---- | C] () -- C:\Program Files\0901201117230585.bat
[2011/08/06 23:19:05 | 000,000,460 | ---- | C] () -- C:\Program Files\0806201123190535.bat
[2011/07/27 22:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2011/07/26 19:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2011/07/15 00:34:28 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2011/01/05 13:19:01 | 000,000,481 | ---- | C] () -- C:\Program Files\0105201112190110.bat
[2010/12/13 00:18:09 | 000,000,477 | ---- | C] () -- C:\Program Files\1212201023180917.bat
[2010/12/08 12:34:41 | 000,000,451 | ---- | C] () -- C:\Program Files\1208201011343978.bat
[2010/12/07 00:18:25 | 000,000,475 | ---- | C] () -- C:\Program Files\1206201023182493.bat
[2010/12/06 19:04:44 | 000,000,458 | ---- | C] () -- C:\Program Files\1206201018044450.bat
[2010/11/03 12:06:06 | 000,000,465 | ---- | C] () -- C:\Program Files\1103201012060648.bat
[2010/10/11 17:06:18 | 000,000,473 | ---- | C] () -- C:\Program Files\1011201017061876.bat
[2010/10/04 17:09:01 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2010/09/30 16:49:16 | 000,000,450 | ---- | C] () -- C:\Program Files\0930201016491632.bat
[2010/09/22 14:30:57 | 000,000,458 | ---- | C] () -- C:\Program Files\0922201014305710.bat
[2010/09/21 14:36:16 | 000,000,469 | ---- | C] () -- C:\Program Files\0921201014361620.bat
[2010/09/21 13:28:16 | 000,000,455 | ---- | C] () -- C:\Program Files\0921201013281673.bat
[2010/09/17 00:08:32 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe
[2010/09/10 00:04:10 | 000,000,459 | ---- | C] () -- C:\Program Files\091020100041089.bat
[2009/06/01 16:32:54 | 000,007,350 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\slot1.mm1
[2007/12/05 11:26:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PPD Plugins
[2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Percussion Kit
[2007/12/05 11:18:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/12/05 11:18:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Hard
[2005/08/29 23:16:14 | 000,000,424 | ---- | C] () -- C:\Program Files\Shortcut to HijackThis.lnk
[2005/03/20 13:07:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB
[2005/03/20 13:07:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB
[2005/03/19 18:36:11 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 18:34:14 | 000,010,589 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml1.srt
[2005/03/19 18:34:14 | 000,010,436 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml2.srt
[2005/03/19 18:34:14 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/03/19 18:34:12 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.bak

========== ZeroAccess Check ==========

[2013/04/04 20:00:12 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\@
[2013/04/04 20:00:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\L
[2013/04/04 20:00:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\U
[2004/11/05 04:45:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2438911799-3484224873-888160877-1008\$3048fe6d168e90a05f0913174229d88d\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2004/11/05 10:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/08/06 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20000Leagues
[2010/03/23 00:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2009/06/28 03:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2011/09/16 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2011/12/17 01:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/05/28 16:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2013/03/25 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/10/31 15:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/07/19 14:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AWEM
[2010/02/15 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2008/10/17 13:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
[2009/10/07 02:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2011/09/01 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/06/09 04:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2009/06/23 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory
[2011/07/15 18:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CannyGames
[2009/08/10 10:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2011/09/23 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/09/17 00:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/09/12 01:57:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/01 01:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CropBusters
[2011/10/15 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DragonsEye Studios
[2009/08/08 10:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/08/23 12:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/12 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/09/28 09:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/06/02 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/01/01 20:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009/06/15 22:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/10/31 03:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/02/26 02:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2010/03/09 00:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2011/05/31 01:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2012/05/02 21:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/10/22 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2011/11/08 01:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2011/06/08 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2011/06/18 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/09/17 01:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings
[2011/07/24 17:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2009/09/28 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/11/05 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/06/19 04:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/08/15 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2012/07/14 00:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/07/07 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GabCab
[2009/09/27 12:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/07/17 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2009/08/13 13:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/09/22 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/01/15 23:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital
[2007/06/14 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2009/08/17 20:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone
[2012/06/12 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2008/08/16 13:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2010/01/06 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2009/08/01 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/09/21 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/19 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2011/06/29 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2010/01/01 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2012/04/20 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/05 13:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/03/28 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2009/06/24 07:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2011/08/09 00:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/08/17 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2012/06/05 02:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/06/16 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWinG
[2009/07/27 01:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/07/22 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom
[2011/01/30 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2009/06/10 02:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/07/10 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster Software
[2010/02/22 13:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/08/09 12:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2013/04/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/05 13:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/03/23 21:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/07/18 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009/08/11 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2010/09/06 01:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/02/24 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/06/14 22:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2007/12/05 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/09/01 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/07/30 21:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/06/10 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Play
[2012/04/27 00:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/08/16 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2011/09/28 12:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/08/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2011/01/10 01:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/15 00:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/14 14:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
[2011/12/13 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2006/09/15 00:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/09/23 17:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/06/09 00:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Product
[2009/06/09 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2009/08/16 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raptisoft
[2010/01/01 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/09/25 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RescueFrenzy
[2011/06/12 20:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2011/07/25 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2011/09/19 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/05/28 13:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2009/12/28 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2010/05/11 01:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2009/07/30 01:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/02/20 01:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/06/11 04:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/01/01 18:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/08/24 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2012/04/19 23:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T1 Games
[2012/04/08 14:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/19 01:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/12/21 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Terrafarmers
[2011/07/19 17:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2012/10/31 00:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogy
[2009/08/18 23:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TonkyPonky
[2010/09/21 12:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Try2
[2009/06/19 00:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/02/17 22:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2007/12/05 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/03 19:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/08/08 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2004/11/05 10:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/11/08 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2005/08/29 11:52:39 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\HijackThis.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe

< MD5 for: SERVICES >
[2004/08/10 00:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/09 17:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\services._

< MD5 for: SERVICES.EX_ >
[2004/08/09 17:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\services.ex_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2004/11/05 04:51:31 | 000,001,602 | ---- | M] () MD5=495780BCE12856BE230CA0FB91D3DAA1 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/09 17:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\services.ms_

< MD5 for: SERVICES.MSC >
[2004/08/09 17:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/09 17:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/09 17:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/09 17:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/09 17:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 17:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/09 17:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DL_ >
[2004/08/09 17:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\I386\winsock.dl_

< MD5 for: WINSOCK.DLL >
[2004/08/09 17:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/09 17:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< >
[2004/11/05 03:24:53 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/11/05 04:56:52 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/02/15 15:46:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/15 15:46:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 16:48:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/10/24 16:55:26 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
[2012/10/24 16:55:27 | 000,000,300 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5E0BCE9
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5095D8B1
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42942A7F
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6B1AD87
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3112F12
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA474A9
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FA3210E
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCA33695
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FFBA7B1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77271429
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA7FA57
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:531637AD
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F46E9A6
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F6D130
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E6845BC
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C640E10C
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5743A858
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E169C6B3
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F16601E
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34BCB6A9
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F9D57FD
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40F40566
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E424252
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237EF7B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01EDA307
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31380BB4
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7B9EA
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C134254
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86AE00C6
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04E853D4
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0256104B
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA585D8D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AA80927
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3FF2E1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE41A50B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9950163C
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FCCCD6D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40B295
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5808D58
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43ABA97D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5304CF6F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B825050
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D761AB3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98A71B94
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FF05345
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECB0F6C
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C504A4D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C93E55E
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E196EC71
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA9D42A5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC57032B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6093F383
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:002640E3
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8AB98F0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE02DA6F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2D5608
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D11302A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42275BC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC521608
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F75C09E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08628477
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9D68B36
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8E51D31
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5F503C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF91EC
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C0887BF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F08F4B0
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE91125
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3C27E1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACDADE10
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FCC54B7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9373B271
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A68B9D77
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3AFC61E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF05C70
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77783B17
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D

< End of report >

Attached Files


  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK nearly there one further run to ensure that all is gone... How is the computer behaving now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.Sys File not found
DRV - (X4HS32Ex) -- C:\Program Files\Free Ride Games\X4HS32Ex.Sys File not found
DRV - (catchme) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [q] "xidpwooedd.exe" File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
[2011/10/22 17:23:56 | 000,000,460 | ---- | C] () -- C:\Program Files\1022201117235656.bat
[2011/09/19 11:18:08 | 000,000,446 | ---- | C] () -- C:\Program Files\0919201111180848.bat
[2011/09/01 17:23:05 | 000,000,453 | ---- | C] () -- C:\Program Files\0901201117230585.bat
[2011/08/06 23:19:05 | 000,000,460 | ---- | C] () -- C:\Program Files\0806201123190535.bat
[2011/01/05 13:19:01 | 000,000,481 | ---- | C] () -- C:\Program Files\0105201112190110.bat
[2010/12/13 00:18:09 | 000,000,477 | ---- | C] () -- C:\Program Files\1212201023180917.bat
[2010/12/08 12:34:41 | 000,000,451 | ---- | C] () -- C:\Program Files\1208201011343978.bat
[2010/12/07 00:18:25 | 000,000,475 | ---- | C] () -- C:\Program Files\1206201023182493.bat
[2010/12/06 19:04:44 | 000,000,458 | ---- | C] () -- C:\Program Files\1206201018044450.bat
[2010/11/03 12:06:06 | 000,000,465 | ---- | C] () -- C:\Program Files\1103201012060648.bat
[2010/10/11 17:06:18 | 000,000,473 | ---- | C] () -- C:\Program Files\1011201017061876.bat
[2010/09/30 16:49:16 | 000,000,450 | ---- | C] () -- C:\Program Files\0930201016491632.bat
[2010/09/22 14:30:57 | 000,000,458 | ---- | C] () -- C:\Program Files\0922201014305710.bat
[2010/09/21 14:36:16 | 000,000,469 | ---- | C] () -- C:\Program Files\0921201014361620.bat
[2010/09/21 13:28:16 | 000,000,455 | ---- | C] () -- C:\Program Files\0921201013281673.bat
[2010/09/10 00:04:10 | 000,000,459 | ---- | C] () -- C:\Program Files\091020100041089.bat

:Files
C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#18
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Please note that the OLT screen does NOT provide a spot to check " 64 bit scans". Please advise.

Also, the computer stopped recognizing my wireless keyboard and mouse while we were using the ISO program. I had to hook up on old Dell mouse and Keyboard. I have not replaced it - please let's not forget this after we remove the Money Pack virus, ok? :)

In addition, my AVG did it's customary scan (I forgot that I set it many eons ago for the daily scan) and it is showing two viruses. I have not 'done' anything from it's report and wonder if it is OK to disable it when it still shows - "please remove these items".

Otherwise the computer is running ok. :)
Thanks Anne

Edited by Anthroanne, 25 April 2013 - 12:04 PM.

  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry I forgot to say that 64bit will only appear on a 64bit machine.

Once you have finished the combofix run could you retry the keyboard and mouse please

What is AVG reporting, is it in OTL moved files ?
  • 0

#20
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Ok thanks for info, re 64 bit.

In regards to AVG. It moved/deleted (it doesn't tell me which) the following files:
C:\FRST\Quareentine\f34rfcdsfwe.exe
C:\SystemVolumeInformation\_Restore{6F354F18-CACC-49BA-8A22-3Df3CA9BD55B}\RP2020\A0305296.exe

It reports the following file to be a threat - broken link:
c:\ProgramFiles\SonyEntertainment\npsoeact.dll

Prertty sure the f34... file is that virus.

Also, everytime I come to geekstogo site I receive a pop-up for FireFox/mozzilla download.
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye those are quarantined files, if you could run the fixes now
  • 0

#22
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
OLT fix and quick scan completed.

Please note I am now having difficulty accessing the geekstogo web site. Not only is that pop-up coming up (that did not when I was on laptop) I now receive a windows box stating that a script is running that will make IE unstable - "do you want to keep it running?" I click no, of course, and then, there appears to be two right hand scroll bars on my windows page. The inner one moves the only our posts up and down and the outer one doesn't do anything. For about 3-4 seconds I could not get to our posts at all - that is NO right hand scroll bar at all.

Also, on boot up AVG reported a virus. It is a file name that has appeared before we started our fixes and AVG is unable to fix it. AVG says "access denied". The file name is :
c:\Recycler\S-1-5-21-2438911799-3484224873-888160877-1008\$3048fe60168e90a05f0913174229d88d\n

last time I tried to remove this file manually but the c; does not report a \Recycler file.

Do you want me to continue with the COMBOGFIX?
OTL logfile created on: 4/25/2013 4:04:40 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.79% Memory free
3.35 Gb Paging File | 2.69 Gb Available in Paging File | 80.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 272.70 Gb Total Space | 221.97 Gb Free Space | 81.40% Space Free | Partition Type: NTFS
Drive D: | 6.74 Gb Total Space | 0.67 Gb Free Space | 9.99% Space Free | Partition Type: FAT32

Computer Name: ANNE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\_elementtree.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32api.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\_socket.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32ts.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._html2.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32crypt.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\pythoncom27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\_ctypes.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32profile.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._core_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._misc_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32security.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\_ssl.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\_hashlib.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32process.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32pdh.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._windows_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._wizard.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32file.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32inet.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._controls_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\pyexpat.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32event.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\unicodedata.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI33122\select.pyd ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\vbicodec.ax ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater15.0.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PGMTrusted) -- C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (X4HSEx_Pr143) -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys (Exent Technologies Ltd.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CXTUNE) -- C:\WINDOWS\system32\drivers\cx88tune.sys (Conexant Systems, Inc.)
DRV - (CX88ENC) -- C:\WINDOWS\system32\drivers\cx88enc.sys (Conexant Systems, Inc.)
DRV - (CXAVXBAR) -- C:\WINDOWS\system32\drivers\cxavxbar.sys (Conexant Systems, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cua.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-09-12 02:04:58&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C4C819E5-F6A1-4826-BB52-EBBEDFE6A572}: "URL" = http://www.google.co...&rlz=1I7RNWE_en
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 09:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/24 16:52:10 | 000,000,000 | ---D | M]

[2010/07/11 22:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/04/25 15:55:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1)" -"http://clubgames.pog...=pAllGames_lnk" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Updates from HP.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1032 (SonyOnlineInstallerX)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344474360075 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pog...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} https://www.msishopp...geUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://clubgames.pog...eb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-game...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://clubgames.pog...sh.1.0.0.15.cab (CPlayFirstParkingDasControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E76E1D9-062E-4EE5-A1AE-373FC027275D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/24 22:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2013/04/23 21:44:41 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/22 18:08:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/05 08:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/04/01 19:19:36 | 000,000,000 | ---D | C] -- C:\1fca4a979587afe1b176b92e79876fe7
[2005/08/29 23:17:12 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe

========== Files - Modified Within 30 Days ==========

[2013/04/25 16:01:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/25 16:00:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 15:59:52 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
[2013/04/25 15:59:36 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
[2013/04/25 15:58:12 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/04/25 15:57:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 15:57:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/25 15:57:46 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 15:55:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/04/25 14:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/24 22:10:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2013/04/22 20:40:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/12 19:42:03 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/04/10 03:30:23 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 03:12:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 03:11:31 | 000,000,215 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/04/05 08:20:18 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk

========== Files Created - No Company Name ==========

[2013/04/10 03:11:31 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/12/27 14:20:03 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2012/12/27 14:19:52 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sound.mp3
[2012/12/27 14:19:47 | 000,114,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/08/16 17:49:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\dt.dat
[2011/07/27 22:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2011/07/26 19:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2011/07/15 00:34:28 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2010/10/04 17:09:01 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2010/09/17 00:08:32 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe
[2009/06/01 16:32:54 | 000,007,350 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\slot1.mm1
[2007/12/05 11:26:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PPD Plugins
[2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Percussion Kit
[2007/12/05 11:18:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/12/05 11:18:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Hard
[2005/08/29 23:16:14 | 000,000,424 | ---- | C] () -- C:\Program Files\Shortcut to HijackThis.lnk
[2005/03/20 13:07:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB
[2005/03/20 13:07:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB
[2005/03/19 18:36:11 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 18:34:14 | 000,010,589 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml1.srt
[2005/03/19 18:34:14 | 000,010,436 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml2.srt
[2005/03/19 18:34:14 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/03/19 18:34:12 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.bak

========== ZeroAccess Check ==========

[2004/11/05 04:45:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2438911799-3484224873-888160877-1008\$3048fe6d168e90a05f0913174229d88d\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/06 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20000Leagues
[2010/03/23 00:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2009/06/28 03:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2011/09/16 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2011/12/17 01:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/05/28 16:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2013/03/25 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/10/31 15:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/07/19 14:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AWEM
[2010/02/15 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2008/10/17 13:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
[2009/10/07 02:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2011/09/01 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/06/09 04:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2009/06/23 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory
[2011/07/15 18:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CannyGames
[2009/08/10 10:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2011/09/23 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/09/17 00:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/09/12 01:57:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/01 01:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CropBusters
[2011/10/15 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DragonsEye Studios
[2009/08/08 10:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/08/23 12:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/12 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2009/09/28 09:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/06/02 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2010/01/01 20:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2009/06/15 22:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2011/10/31 03:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2010/02/26 02:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2010/03/09 00:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2011/05/31 01:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2012/05/02 21:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/10/22 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2011/11/08 01:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2011/06/08 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2011/06/18 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/09/17 01:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings
[2011/07/24 17:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2009/09/28 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/11/05 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/06/19 04:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/08/15 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2012/07/14 00:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011/07/07 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GabCab
[2009/09/27 12:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/07/17 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2009/08/13 13:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/09/22 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/01/15 23:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital
[2007/06/14 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2009/08/17 20:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone
[2012/06/12 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2008/08/16 13:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2010/01/06 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2009/08/01 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/09/21 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/19 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2011/06/29 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2010/01/01 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2012/04/20 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/05 13:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/03/28 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2009/06/24 07:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2011/08/09 00:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/08/17 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2012/06/05 02:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/06/16 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWinG
[2009/07/27 01:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/07/22 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom
[2011/01/30 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2009/06/10 02:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2011/07/10 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster Software
[2010/02/22 13:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/08/09 12:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2013/04/25 09:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/05 13:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/03/23 21:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/07/18 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2009/08/11 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2010/09/06 01:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/02/24 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/06/14 22:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2007/12/05 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/09/01 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/07/30 21:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/06/10 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Play
[2012/04/27 00:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/08/16 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2011/09/28 12:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/08/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2011/01/10 01:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/02/15 00:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/14 14:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
[2011/12/13 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2006/09/15 00:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/09/23 17:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/06/09 00:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Product
[2009/06/09 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2009/08/16 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raptisoft
[2010/01/01 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/09/25 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RescueFrenzy
[2011/06/12 20:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2011/07/25 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2011/09/19 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/05/28 13:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2009/12/28 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2010/05/11 01:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2009/07/30 01:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/02/20 01:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/06/11 04:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/01/01 18:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/08/24 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2012/04/19 23:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T1 Games
[2012/04/08 14:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/19 01:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/12/21 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Terrafarmers
[2011/07/19 17:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2012/10/31 00:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogy
[2009/08/18 23:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TonkyPonky
[2010/09/21 12:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Try2
[2009/06/19 00:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/02/17 22:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2007/12/05 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/03 19:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/08/08 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5E0BCE9
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5095D8B1
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42942A7F
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6B1AD87
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3112F12
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA474A9
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FA3210E
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCA33695
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FFBA7B1
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77271429
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA7FA57
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:531637AD
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F46E9A6
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F6D130
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E6845BC
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C640E10C
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5743A858
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E169C6B3
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F16601E
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34BCB6A9
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F9D57FD
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40F40566
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E424252
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237EF7B2
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01EDA307
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31380BB4
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7B9EA
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C134254
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86AE00C6
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04E853D4
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0256104B
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA585D8D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AA80927
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3FF2E1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE41A50B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9950163C
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FCCCD6D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE40B295
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5808D58
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43ABA97D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5304CF6F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B825050
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D761AB3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98A71B94
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FF05345
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECB0F6C
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C504A4D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C93E55E
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E196EC71
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA9D42A5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC57032B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6093F383
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:002640E3
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8AB98F0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE02DA6F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2D5608
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D11302A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42275BC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC521608
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F75C09E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08628477
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9D68B36
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8E51D31
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5F503C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF91EC
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C0887BF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F08F4B0
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE91125
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D3C27E1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACDADE10
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FCC54B7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9373B271
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A68B9D77
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3AFC61E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF05C70
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77783B17
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D

< End of report >

Attached Files


  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please continue with combofix
  • 0

#24
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Attached File  comboonelog.txt   28.88KB   38 downloadsHappy to report, no pop-up this time.

Recieved the following error after combofix had rebooted:
"The instrution at "0x0039472b" referened memory at "0x7015bda9". The memory could not be written. Cancle program or debug?" I selected debug. (is this a bad memory kernel?

Also, I had to retoogle AVG off b/c I didn't realize that (or rather didn't remember) that COmbofix was going to keep runnign after reboot. I hope that didn't cause a problem.

Here is the file.

ComboFix 13-04-25.01 - HP_Administrator 04/25/2013 16:43:58.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1250 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\_ctypes.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\_elementtree.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\_hashlib.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\_socket.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\_ssl.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\pyexpat.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\pysqlite2._sqlite.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\python27.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\pythoncom27.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\PyWinTypes27.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\select.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\unicodedata.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32api.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32com.shell.shell.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32crypt.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32event.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32file.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32inet.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32pdh.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32process.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32profile.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32security.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\win32ts.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\windows._cacheinvalidation.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._controls_.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._core_.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._gdi_.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._html2.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._misc_.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._windows_.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wx._wizard.pyd
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxbase294u_net_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxbase294u_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxmsw294u_adv_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxmsw294u_core_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxmsw294u_html_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI33122\wxmsw294u_webview_vc90.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\.#
c:\documents and settings\HP_Administrator\Application Data\.#\[email protected]@1464180.###
c:\documents and settings\HP_Administrator\Application Data\.#\[email protected]@14641B0.###
c:\documents and settings\HP_Administrator\Application Data\.#\[email protected]@14641E0.###
c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\_ctypes.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\_elementtree.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\_hashlib.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\_socket.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\_ssl.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\pyexpat.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\pysqlite2._sqlite.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\python27.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\pythoncom27.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\PyWinTypes27.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\select.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\unicodedata.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32api.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32com.shell.shell.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32crypt.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32event.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32file.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32inet.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32pdh.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32process.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32profile.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32security.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\win32ts.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\windows._cacheinvalidation.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._controls_.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._core_.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._gdi_.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._html2.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._misc_.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._windows_.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wx._wizard.pyd
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxbase294u_net_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxbase294u_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxmsw294u_adv_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxmsw294u_core_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxmsw294u_html_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\_MEI33122\wxmsw294u_webview_vc90.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\17b37e1d89627257.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3c07d3dec88fc68b.fb
c:\windows\system32\Cache\3c812097cf6648a9.fb
c:\windows\system32\Cache\54f6c2cdfb7ee841.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\71757c74ba543db7.fb
c:\windows\system32\Cache\79938acb11929dc5.fb
c:\windows\system32\Cache\7d3ffafc290d3dfb.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ab9c2ed8eb30f70f.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b2029a5c849e44bc.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\df754a4b8a26f3fd.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fdd50f077c1bd20a.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\sp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 )))))))))))))))))))))))))))))))
.
.
2013-04-24 01:44 . 2013-04-24 01:44 -------- d-----w- C:\FRST
2013-04-22 22:08 . 2013-04-23 00:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-01 23:19 . 2013-04-01 23:19 -------- d-----w- C:\1fca4a979587afe1b176b92e79876fe7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 00:40 . 2012-09-04 05:14 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-12 18:44 . 2012-04-08 18:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 18:44 . 2011-05-20 11:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-11-26 09:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-11-26 08:58 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 05:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-11-26 09:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-11-26 08:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-11-26 08:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-11-26 09:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-11-26 08:57 385024 ----a-w- c:\windows\system32\html.iec
2013-03-01 14:32 . 2012-09-21 07:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 07:56 . 2004-11-26 08:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-27 03:40 . 2012-09-13 07:11 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 07:52 . 2011-07-11 05:14 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2008-09-03 10:45 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-11-26 09:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 08:37 . 2011-08-08 10:08 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 08:37 . 2012-09-21 07:46 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 08:37 . 2012-04-19 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 08:37 . 2011-07-11 05:13 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-01-26 03:55 . 2004-11-26 08:58 552448 ----a-w- c:\windows\system32\oleaut32.dll
2005-08-29 15:52 . 2005-08-30 03:17 218112 ----a-w- c:\program files\HijackThis.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-03-26 00:40 1956016 ----a-w- c:\program files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll" [2013-03-26 1956016]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-05-19 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 2805248]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-05 282624]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-17 81920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-03-26 1219248]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-24 296096]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-10-1 57344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-18 450560]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-10 17:54 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 245048]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 1:14 AM 33624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 74480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 3:01 PM 352248]
R2 PGMTrusted;PGMTrusted;c:\program files\Pogo Games\PGMTrusted.exe [10/29/2012 1:25 PM 519920]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/25/2013 8:40 PM 990896]
R2 X4HSEx_Pr143;X4HSEx_Pr143;c:\program files\Free Ride Games\X4HSEx_Pr143.sys [11/5/2012 8:21 PM 58696]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/22/2013 6:08 PM 40776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:44]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 19:46]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 19:46]
.
2013-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.cua.edu/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{3E76E1D9-062E-4EE5-A1AE-373FC027275D}: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://clubgames.pogo.com/online2/pogo/parking_dash/parkingdash.1.0.0.15.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SoundDrivers - c:\documents and settings\All Users\Application Data\f34rfcdsfwe.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-25 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI37282\support
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI37282\support\gen_py
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\_MEI37282\support\gen_py\__init__.py 0 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5732)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\wanmpsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-04-25 17:09:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-25 21:09
ComboFix2.txt 2010-08-11 00:24
ComboFix3.txt 2010-07-12 02:53
ComboFix4.txt 2010-07-09 06:25
ComboFix5.txt 2013-04-25 20:41
.
Pre-Run: 238,277,414,912 bytes free
Post-Run: 237,854,715,904 bytes free
.
- - End Of File - - 594F673CC37AB905299BF04E021AC9AB
  • 0

#25
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
wireless mouse and keyboard working! :)
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#27
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Wondeful! Yippie! Still getting that pop-add from your site. Please tell me that's sponsored advertising....
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you screenshot the popup that you get here please

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#29
Anthroanne

Anthroanne

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Ok I will do as you requested tommorrow. Have had a VERY long day here. And Yes, I did get the pop-up again tonight. Will do a screen shot - that's F10 right? Been so long since I've done one. I've forgotten the what the key is for it!
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am not sure what key it is on your system but I use the print screen key
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP