[Solved] Can't remove trojan horse BackDoor.Generic 14.CEXK virus

Discussion in 'Virus and Malware Removal' started by freshtag, Jan 16, 2012.

  1. Broni Malware Annihilator

    Very well.

    How is the computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  2. freshtag Newcomer, in training

    OTL results PT 1

    Broni,

    The computer seems to be working fine, but I have not done anything on it besides your directions.

    I reinstalled AVG then downloaded OTL. Closed all windows and pasted the script in the custom area. Then let it run.

    Below are the two text files.
    ================================================================
    OTL.TXT:

    OTL logfile created on: 1/19/2012 12:25:36 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\craig berger\My Documents\Firefox downloaded Files
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.00 Mb Total Physical Memory | 541.36 Mb Available Physical Memory | 52.92% Memory free
    1.28 Gb Paging File | 0.84 Gb Available in Paging File | 65.67% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.28 Gb Total Space | 5.17 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
    Drive F: | 279.47 Gb Total Space | 7.09 Gb Free Space | 2.54% Space Free | Partition Type: NTFS

    Computer Name: THE-DELL | User Name: craig berger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/19 12:16:12 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/01/19 12:09:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\craig berger\My Documents\Firefox downloaded Files\OTL.exe
    PRC - [2012/01/16 13:25:46 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/19 12:16:12 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012/01/16 13:25:46 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    MOD - [2012/01/13 18:11:00 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/01/13 18:10:54 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2012/01/13 18:10:52 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2012/01/13 18:10:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/01/13 18:10:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/01/13 18:10:35 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2012/01/13 18:10:32 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2012/01/13 18:10:30 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2012/01/13 18:10:24 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2012/01/13 18:10:11 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/11/06 00:02:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    MOD - [2011/11/05 23:54:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    MOD - [2011/11/05 23:50:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    MOD - [2009/04/14 10:59:55 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2009/04/14 10:59:54 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2009/04/14 10:59:53 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2009/04/14 10:59:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2009/04/14 10:59:52 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2009/04/14 10:59:51 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2009/04/14 10:59:51 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2009/04/14 10:59:51 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2009/04/14 10:59:51 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2009/04/14 10:28:51 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
    MOD - [2009/04/14 10:28:47 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
    MOD - [2009/04/14 10:28:46 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
    MOD - [2009/04/14 10:28:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
    MOD - [2009/04/14 10:28:45 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
    MOD - [2009/04/14 10:28:43 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2009/04/14 10:28:42 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2007/07/20 00:39:16 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2012/01/16 13:25:46 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/04/22 06:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2007/12/13 10:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
    SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2007/06/28 18:01:48 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2007/05/01 21:46:42 | 000,109,360 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
    SRV - [2007/05/01 21:46:36 | 000,150,320 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2007/05/01 21:45:44 | 000,121,648 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
    SRV - [2005/01/21 22:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/01/10 13:40:36 | 000,729,088 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
    SRV - [2002/02/15 09:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)
    SRV - [2001/04/06 13:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2009/02/16 14:35:42 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/01/20 01:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/07/18 18:44:22 | 003,599,000 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
    DRV - [2007/07/18 18:44:22 | 000,022,296 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2007/07/18 18:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/07/18 18:42:29 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/06/28 18:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2007/06/18 13:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/06/06 01:05:09 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2007/05/01 21:46:58 | 000,021,040 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2007/05/01 21:46:52 | 000,025,264 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2007/05/01 21:46:50 | 000,430,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2007/05/01 21:46:50 | 000,034,608 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2007/05/01 21:46:00 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
    DRV - [2007/05/01 20:53:12 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2007/05/01 20:53:12 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2007/03/23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
    DRV - [2007/02/02 02:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/02/02 02:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/10/24 14:36:05 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
    DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2006/01/03 15:31:44 | 000,117,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/01/21 22:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/01/21 22:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2004/08/25 09:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2002/07/30 19:22:36 | 000,171,776 | ---- | M] (The Linksys Group, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WMP11V27.sys -- (WMP11V27)
    DRV - [2002/07/09 16:14:00 | 001,172,416 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/07/09 16:13:00 | 000,594,832 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2002/07/09 16:13:00 | 000,167,155 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2002/05/13 21:59:20 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2002/04/10 19:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/04/10 19:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2002/04/10 19:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2002/04/10 18:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/04/10 18:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2002/03/21 13:00:44 | 000,899,916 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
    DRV - [2002/02/11 09:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
    DRV - [2001/10/09 09:51:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
    DRV - [2001/08/23 02:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 15:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_msft.sys -- (hsf_msft)
    DRV - [2001/08/17 15:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_samp.sys -- (Rksample)
    DRV - [2001/08/17 15:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys -- (basic2)
    DRV - [2001/04/09 13:15:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)
    DRV - [2000/10/15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
    DRV - [2000/09/11 09:51:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/defaulta.aspx
    IE - HKU\S-1-5-21-220523388-343818398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-220523388-343818398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2008/11/07 16:30:23 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/11/07 16:30:23 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.23\ [2012/01/18 16:44:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/19 12:16:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 10:01:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 11:31:38 | 000,000,000 | ---D | M]

    [2009/11/22 11:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\craig berger\Application Data\Mozilla\Extensions
    [2009/06/26 08:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\craig berger\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/03/27 08:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\craig berger\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/10/05 10:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\craig berger\Application Data\Mozilla\Firefox\Profiles\etltxlat.default\extensions
    [2010/08/04 13:34:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\craig berger\Application Data\Mozilla\Firefox\Profiles\etltxlat.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/18 11:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/01 12:44:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/01/19 12:16:44 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2011/11/10 10:01:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/19 12:16:08 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/10 10:01:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 10:01:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Documents and Settings\craig berger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/19 00:20:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-220523388-343818398-725345543-1004\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKU\S-1-5-21-220523388-343818398-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
    O3 - HKU\S-1-5-21-220523388-343818398-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
    O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\craig berger\Start Menu\Programs\Startup\Bginfo.exe (Sysinternals)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-220523388-343818398-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Copy Location - Reg Error: Value error. File not found
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\Web\highlight.htm ()
    O8 - Extra context menu item: &Links List - C:\WINDOWS\Web\urllist.htm ()
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm ()
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\Web\frm2new.htm ()
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\Web\zoomin.htm ()
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\Web\zoomout.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-220523388-343818398-725345543-1004\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB (Reg Error: Key error.)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123348720328 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158814193670 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab (XML DOM Document 4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://209.56.63.5/activex/AxisCamControl.cab (CamImage Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9649A6C4-5D87-4D13-82A1-09938695A5F0}: DhcpNameServer = 97.64.168.12 97.64.183.165
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\craig berger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\craig berger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (SsiEfr.e)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.D263 - xl_x263dec.dll File not found
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
    Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
  3. freshtag Newcomer, in training

    OTL results PT 2

    OTL.txt (cont...)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/19 12:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craig berger\Application Data\AVG2012
    [2012/01/19 12:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2012/01/19 12:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/01/19 12:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/01/18 22:42:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/18 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012/01/18 16:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/01/18 16:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/01/18 15:29:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/18 15:29:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/18 15:29:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/18 15:29:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/18 14:30:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/10 23:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craig berger\Desktop\CleanR
    [2012/01/10 23:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craig berger\Desktop\Scans
    [2011/12/29 12:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craig berger\Local Settings\Application Data\Temp
    [2011/12/29 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/12/23 10:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\craig berger\Start Menu\Programs\HiJackThis
    [2011/12/23 10:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/12/23 00:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/12/22 21:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2008/02/21 02:48:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\craig berger\Application Data\pcouffin.sys
    [2004/08/25 10:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
    [2002/04/10 23:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/19 12:20:46 | 056,566,925 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/01/19 12:16:45 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/01/19 12:00:12 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2012/01/19 11:43:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-343818398-725345543-1004UA.job
    [2012/01/19 00:20:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/01/18 23:57:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/18 23:56:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/18 22:42:59 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2012/01/18 22:34:06 | 004,915,254 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
    [2012/01/18 22:33:31 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2012/01/18 22:26:51 | 000,000,193 | ---- | M] () -- C:\Boot.bak
    [2012/01/18 18:58:16 | 000,003,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/01/18 15:02:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
    [2012/01/18 15:01:23 | 000,001,298 | ---- | M] () -- C:\Documents and Settings\craig berger\Desktop\Clean Registry for Free!.lnk
    [2012/01/18 13:43:02 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-343818398-725345543-1004Core.job
    [2012/01/18 11:25:31 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
    [2012/01/17 16:55:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012/01/17 16:55:23 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012/01/13 18:32:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/13 18:11:26 | 000,469,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/13 18:11:26 | 000,081,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/12 16:15:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/01/05 20:47:16 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\craig berger\Desktop\Google Chrome.lnk
    [2012/01/05 20:47:16 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\craig berger\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/12/30 16:24:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
    [2011/12/29 11:31:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/12/22 20:54:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    ========== Files Created - No Company Name ==========

    [2012/01/19 12:20:46 | 056,566,925 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/01/19 12:16:45 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/01/18 22:42:59 | 000,000,193 | ---- | C] () -- C:\Boot.bak
    [2012/01/18 22:42:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/18 22:28:59 | 000,000,310 | RHS- | C] () -- C:\boot.ini
    [2012/01/18 18:58:16 | 000,003,909 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/01/18 15:29:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/18 15:29:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/18 15:29:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/18 15:29:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/18 15:29:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/13 18:04:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/01/11 11:25:17 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\craig berger\Desktop\Clean Registry for Free!.lnk
    [2011/12/30 16:24:25 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2011/12/29 11:31:41 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/12/29 11:31:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/12/27 13:31:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/12/27 13:31:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/12/16 09:38:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AX6E750.com.b
    [2011/12/16 09:22:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4x5XiAEfj.dat
    [2011/12/15 09:06:43 | 000,029,272 | ---- | C] () -- C:\WINDOWS\System32\OOD2KBS.exe
    [2011/12/15 09:06:43 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
    [2011/12/15 09:06:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
    [2011/10/01 21:33:48 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
    [2011/08/30 15:13:35 | 000,179,975 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
    [2011/08/30 15:13:35 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
    [2010/01/24 20:57:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2009/03/24 10:06:50 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/03/06 14:50:43 | 000,179,964 | ---- | C] () -- C:\WINDOWS\hpwins14.dat.temp
    [2009/03/06 14:50:43 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat.temp
    [2009/01/27 11:00:53 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/08/29 03:15:48 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/07/23 10:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 10:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/07/23 09:48:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/05/21 01:10:09 | 000,012,998 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
    [2008/04/28 02:38:38 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2008/04/28 02:38:38 | 000,002,550 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2008/02/21 02:48:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\craig berger\Application Data\pcouffin.cat
    [2008/02/21 02:48:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\craig berger\Application Data\pcouffin.inf
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/07/04 09:26:00 | 000,012,706 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
    [2007/07/04 09:25:53 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2007/06/28 18:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/06/01 12:16:58 | 000,000,371 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
    [2007/05/25 00:23:13 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2007/05/25 00:23:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2007/01/25 02:52:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSAccess.exe
    [2006/12/01 21:40:54 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/12/01 21:40:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/11/09 14:55:56 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
    [2006/10/24 16:36:55 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2006/10/21 11:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
    [2006/09/24 12:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
    [2006/09/24 12:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
    [2006/09/24 12:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
    [2006/01/13 01:24:10 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2005/11/17 11:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
    [2005/11/05 17:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
    [2005/10/14 21:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
    [2005/09/05 15:06:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2005/08/06 14:23:11 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\craig berger\Local Settings\Application Data\fusioncache.dat
    [2005/08/06 12:37:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/08/06 11:42:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2004/08/25 09:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/08/25 09:26:56 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2004/02/01 13:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
    [2003/10/31 17:45:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
    [2003/10/31 17:34:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/10/01 18:36:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2003/09/28 15:36:49 | 000,000,369 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2003/09/28 14:38:00 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Disney.ini
    [2003/09/20 17:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2003/03/08 18:52:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2003/03/08 18:52:47 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2003/03/08 18:52:04 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2003/03/08 18:52:04 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/03/08 18:51:59 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
    [2003/03/08 18:51:58 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2003/03/08 18:51:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2003/03/05 13:34:11 | 000,001,311 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2003/03/04 14:11:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/03/04 14:10:21 | 000,010,406 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/03/03 21:50:36 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2003/03/03 19:38:51 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
    [2003/03/03 18:58:45 | 000,002,317 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/03/02 16:57:46 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\craig berger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/03/01 18:31:29 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2003/03/01 16:58:06 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/03/01 16:34:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2003/03/01 15:20:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/03/01 14:46:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2003/03/01 14:37:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/03/01 14:31:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/03/01 06:23:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/03/01 06:22:35 | 001,070,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/07/19 10:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
    [2002/06/25 15:44:16 | 000,469,848 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/06/25 15:44:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/06/25 15:44:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/06/25 15:44:14 | 000,081,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/06/25 15:43:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/06/25 15:43:52 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/06/25 15:43:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/06/25 15:40:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/06/25 15:40:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/06/25 15:37:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/06/25 15:37:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2012/01/18 16:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/01/19 12:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2006/10/24 13:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/12/20 11:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2011/12/11 16:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/04/11 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    [2009/04/12 15:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
    [2012/01/19 12:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/02/05 12:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2007/02/05 12:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/10/01 08:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
    [2007/09/19 00:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
    [2008/10/27 10:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2009/06/26 08:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2006/09/27 19:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/03/12 23:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2008/09/03 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers
    [2011/12/20 11:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2011/12/18 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2007/08/13 01:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
    [2007/09/19 00:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Altima Technologies, Inc
    [2011/12/14 22:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\AVG Secure Search
    [2012/01/19 12:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\AVG2012
    [2011/12/16 10:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Coqae
    [2008/11/07 15:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\DVDFab
    [2007/12/31 16:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Leadertech
    [2009/02/16 14:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\McGraw-HillLicensing
    [2005/12/09 18:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Musicmatch
    [2008/10/01 08:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\PureEdge
    [2009/02/17 19:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\SanDisk
    [2011/12/18 11:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Systweak
    [2010/01/13 23:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Temp
    [2010/05/19 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Thinstall
    [2009/06/26 08:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\TomTom
    [2011/12/03 22:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\uTorrent
    [2011/10/22 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Vso
    [2011/12/16 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Vyefu
    [2011/08/31 14:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Windows Desktop Search
    [2011/09/20 10:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Windows Search
    [2008/02/18 03:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\WinWay
    [2008/04/20 03:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\Wireshark
    [2008/09/03 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\craig berger\Application Data\XemiComputers
    [2012/01/18 15:02:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
    [2012/01/18 11:25:31 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
    [2012/01/18 23:59:21 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/01/17 16:48:46 | 000,004,212 | ---- | M] () -- C:\aaw7boot.log
    [2005/09/05 00:33:50 | 003,074,276 | RHS- | M] () -- C:\AVG6DB_F.DAT
    [2008/04/28 01:02:33 | 003,843,412 | ---- | M] () -- C:\bar.emf
    [2012/01/18 22:26:51 | 000,000,193 | ---- | M] () -- C:\Boot.bak
    [2012/01/18 22:42:59 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2011/12/16 22:12:40 | 000,036,197 | ---- | M] () -- C:\caavsetupLog.txt
    [2011/12/20 12:09:52 | 000,602,027 | ---- | M] () -- C:\caisslog.txt
    [2003/06/03 08:07:36 | 000,573,187 | ---- | M] () -- C:\chatterbox.exe
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/01/19 00:26:05 | 000,026,782 | ---- | M] () -- C:\ComboFix.txt
    [2006/10/24 14:35:36 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
    [2008/09/01 00:31:45 | 000,072,493 | ---- | M] () -- C:\debug.log
    [2009/09/29 21:40:07 | 000,009,285 | ---- | M] () -- C:\devicetable.log
    [2004/02/04 23:16:37 | 000,000,094 | ---- | M] () -- C:\DownloadLog.txt
    [2007/01/11 14:38:57 | 000,549,189 | ---- | M] () -- C:\EasyShareInstall.log
    [2007/02/23 11:39:48 | 000,027,203 | ---- | M] () -- C:\hpfr3740.log
    [2003/03/01 14:34:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/09/12 08:24:48 | 000,007,692 | ---- | M] () -- C:\lxce.log
    [2008/03/07 12:54:12 | 000,012,556 | ---- | M] () -- C:\lxcescan.log
    [2011/10/01 21:16:44 | 001,995,849 | ---- | M] () -- C:\lxceunst.csv
    [2008/09/25 07:34:13 | 000,000,100 | ---- | M] () -- C:\lxcg.log
    [2006/10/06 17:01:45 | 000,000,275 | ---- | M] () -- C:\lxcgfire.000
    [2006/10/06 17:03:19 | 000,000,275 | ---- | M] () -- C:\lxcgfire.csv
    [2006/10/06 17:03:43 | 000,000,867 | ---- | M] () -- C:\lxcginst.csv
    [2008/09/25 07:34:15 | 000,004,647 | ---- | M] () -- C:\lxcgscan.log
    [2008/09/25 07:34:49 | 001,150,587 | ---- | M] () -- C:\lxcgUNST.csv
    [2003/03/01 14:34:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/08/06 12:54:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/22 01:06:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/01/18 23:56:45 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2006/12/01 21:45:34 | 000,000,160 | ---- | M] () -- C:\systemscandata.txt
    [2011/12/15 20:24:02 | 000,064,452 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_15.12.2011_20.14.51_log.txt
    [2011/12/16 22:45:02 | 000,067,542 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_22.41.54_log.txt
    [2012/01/18 13:35:45 | 000,066,390 | ---- | M] () -- C:\TDSSKiller.2.7.5.0_18.01.2012_13.30.42_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/03/01 14:33:49 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/11/13 09:00:32 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2002/05/14 18:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/13 21:53:56 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\craig berger\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/05/21 08:42:50 | 000,000,003 | ---- | M] () -- C:\Program Files\sFile64sys.ico

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/03/01 06:21:42 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2003/03/01 06:21:42 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/03/01 06:21:42 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/22 01:20:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/08/06 13:24:12 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\craig berger\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/03/01 14:42:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\craig berger\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2003/11/26 17:14:15 | 003,752,912 | ---- | M] () -- C:\Documents and Settings\craig berger\My Documents\DivXPlayerInstaller.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/06/25 15:38:12 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/08/06 13:24:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\craig berger\Favorites\Desktop.ini
    [2011/12/18 19:27:43 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\craig berger\Favorites\Microsoft bCentral.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/10 09:22:44 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\craig berger\Cookies\desktop.ini
    [2012/01/19 12:22:19 | 000,049,152 | -H-- | M] () -- C:\Documents and Settings\craig berger\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 12:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 12:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 12:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 12:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/02/12 19:52:30 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\migrate.dll
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2002/02/12 19:52:28 | 000,004,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsmigr.dll
    [2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/08/01 23:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 12:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 12:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 12:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 12:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  4. freshtag Newcomer, in training

    OTL results PT 3

    OTL cont...

    Extras.TXT


    OTL Extras logfile created on: 1/19/2012 12:25:36 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\craig berger\My Documents\Firefox downloaded Files
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.00 Mb Total Physical Memory | 541.36 Mb Available Physical Memory | 52.92% Memory free
    1.28 Gb Paging File | 0.84 Gb Available in Paging File | 65.67% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.28 Gb Total Space | 5.17 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
    Drive F: | 279.47 Gb Total Space | 7.09 Gb Free Space | 2.54% Space Free | Partition Type: NTFS

    Computer Name: THE-DELL | User Name: craig berger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "20589:UDP" = 20589:UDP:*:Enabled:UDP 20589
    "25310:TCP" = 25310:TCP:*:Enabled:TCP 25310

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "C:\Program Files\Eidos\25 to Life\TTL.exe" = C:\Program Files\Eidos\25 to Life\TTL.exe:*:Enabled:TTL -- ()
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" = C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe" = C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME -- (Mozilla Foundation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
    "{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}" = Dell Picture Studio - Dell Image Expert
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{210CAF46-1137-41A5-925A-15E45D202550}" = A+ 2003 Book Demo v3.5
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
    "{2E520590-7E0F-450F-A11B-CC2C02E550B1}" = TurboTax 2008 wiaiper
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
    "{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
    "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
    "{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{536E1504-E2E0-4B25-9D61-5418DE8319A4}" = WinWay Resume Deluxe
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}" = Wireless PCI Card Configuration Utility
    "{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
    "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
    "{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
    "{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
    "{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
    "{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
    "{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
    "{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
    "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B8FE7CDD-61D0-445D-9209-E809780B51DD}" = 25 to Life
    "{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
    "{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
    "{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 5.1
    "All My Fonts" = All My Fonts
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2012
    "Belarc Advisor 2.0" = Belarc Advisor 6.1
    "Blaze Media Pro" = Blaze Media Pro
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVD-CLONER V2.50_is1" = DVD-CLONER V2.50
    "DVDFab Platinum 4_is1" = DVDFab Platinum 4.0.6.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Imagine TM 6 program" = Imagine TM 6 program
    "ImTOO MOV Converter" = ImTOO MOV Converter
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
    "Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
    "Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Modem User Guide" = Modem User Guide
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyTomTom" = MyTomTom 3.1.0.530
    "nik Color Efex Pro 2.0 GE" = nik Color Efex Pro 2.0 GE
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Packet Tracer 4.01_is1" = Packet Tracer 4.01
    "Packet Tracer 4.11 (No Tutorials)_is1" = Packet Tracer 4.11
    "Pop-Up Stopper Professional" = Pop-Up Stopper Professional
    "PowerISO" = PowerISO
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "QcDrv" = Logitech® Camera Driver
    "QuicktimeAlt_is1" = QuickTime Alternative 1.47
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealPlayer
    "RegClean Pro_is1" = RegClean Pro
    "Registry Mechanic_is1" = Registry Mechanic
    "RER MOV Converter3.0.5" = RER MOV Converter
    "Shop for HP Supplies" = Shop for HP Supplies
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "ST6UNST #1" = RoofCalcWriter 8.6
    "Tablet Driver" = Tablet
    "TomTom HOME" = TomTom HOME 2.8.2.2264
    "TurboTax 2008" = TurboTax 2008
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "WinAVIVideoConverter_is1" = WinAVIVideoConverter
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 4.0.1
    "WinZip" = WinZip
    "Wireshark" = Wireshark 0.99.6a
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-220523388-343818398-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/15/2012 5:04:54 PM | Computer Name = THE-DELL | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 1/17/2012 6:43:08 PM | Computer Name = THE-DELL | Source = MsiInstaller | ID = 11500
    Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
    You must complete that installation before continuing this one.

    Error - 1/17/2012 6:43:09 PM | Computer Name = THE-DELL | Source = MsiInstaller | ID = 11500
    Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
    You must complete that installation before continuing this one.

    Error - 1/17/2012 6:43:09 PM | Computer Name = THE-DELL | Source = MsiInstaller | ID = 11500
    Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
    You must complete that installation before continuing this one.

    Error - 1/17/2012 6:44:31 PM | Computer Name = THE-DELL | Source = MsiInstaller | ID = 11500
    Description = Product: Ad-Aware -- Error 1500. Another installation is in progress.
    You must complete that installation before continuing this one.

    Error - 1/19/2012 1:05:05 AM | Computer Name = THE-DELL | Source = ESENT | ID = 481
    Description = svchost (1148) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
    at offset 4096 (0x0000000000001000) for 65536 (0x00010000) bytes failed with system
    error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
    will fail with error -1022 (0xfffffc02). If this error persists then the file
    may be damaged and may need to be restored from a previous backup.

    Error - 1/19/2012 1:05:19 AM | Computer Name = THE-DELL | Source = ESENT | ID = 481
    Description = svchost (1148) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
    at offset 4096 (0x0000000000001000) for 65536 (0x00010000) bytes failed with system
    error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
    will fail with error -1022 (0xfffffc02). If this error persists then the file
    may be damaged and may need to be restored from a previous backup.

    Error - 1/19/2012 1:05:31 AM | Computer Name = THE-DELL | Source = ESENT | ID = 481
    Description = svchost (1148) An attempt to read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
    at offset 62464 (0x000000000000f400) for 512 (0x00000200) bytes failed with system
    error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation
    will fail with error -1022 (0xfffffc02). If this error persists then the file
    may be damaged and may need to be restored from a previous backup.

    Error - 1/19/2012 1:05:36 AM | Computer Name = THE-DELL | Source = ESENT | ID = 465
    Description = Catalog Database (1148) Corruption was detected during soft recovery
    in logfile C:\WINDOWS\system32\CatRoot2\edb.log. The failing checksum record is
    located at position END. Data not matching the log-file fill pattern first appeared
    in sector 122 (0x0000007A). This logfile has been damaged and is unusable.

    Error - 1/19/2012 1:05:36 AM | Computer Name = THE-DELL | Source = ESENT | ID = 454
    Description = Catalog Database (1148) Database recovery/restore failed with unexpected
    error -501.

    [ System Events ]
    Error - 1/19/2012 1:19:06 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 1:42:13 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 1:43:22 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 1:44:31 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 1:59:08 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 1/19/2012 1:59:08 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/19/2012 2:00:08 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 2:01:10 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 2:12:48 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 1/19/2012 2:13:25 AM | Computer Name = THE-DELL | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
  5. Broni Malware Annihilator

    Very well :)

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O8 - Extra context menu item: &Copy Location - Reg Error: Value error. File not found
      O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...4D/mp43dmo.CAB (Reg Error: Key error.)
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  6. freshtag Newcomer, in training

    Java Update

    When I clicked on this link, I got the following Warning - Security window:

    The application's digital signature has an error. Do you want to run the application?

    Name: jreVerify

    Publisher: Microsoft Corporation

    From: file://


    I had the option to Run or Cancel. I clicked Run. Then I got a pop-up that says:

    Warning - Security

    Java has discovered application components that could indicate a security concern.

    Name: jreCheck

    Block potentially unsafe components from being run? (recommended)

    Options= YES or NO



    Which should I pick? Yes or No.
    =================================================================================

    Also, here are the first steps that I completed.

    I uninstalled "Viewpoint Media Player" (this was the only one listed), ran OTL again and rebooted. Below is the text file from the last OTL Scan.

    ==================================================================

    OTL Results

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Copy Location\ deleted successfully.
    Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71}
    C:\windows\Downloaded Program Files\mp43dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: craig berger
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 2838 bytes

    User: Default User
    ->Flash cache emptied: 56475 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7263039 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: craig berger
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: craig berger
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01192012_164934

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_750.dat moved successfully.

    Registry entries deleted on Reboot...
    ===============================================================
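For anyone reviewing an OTL fix log like the one posted above, each result line is one of four kinds: an entry deleted, a file moved, a target not found, or a registry read error. The sketch below is an added example, not part of the original thread or of OTL itself: it tallies those outcomes overall and per ActiveX control, and the name `parse_fix_log` and the outcome labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Excerpt copied from the OTL fix log in the post above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71}
C:\windows\Downloaded Program Files\mp43dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Flash cache emptied: 2838 bytes
Windows Temp folder emptied: 7263039 bytes
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
ACTIVEX = re.compile(r"^Starting removal of ActiveX control (.+)$")
FREED = re.compile(r"(?:emptied|removed): (\d+) bytes$")
# Outcome labels are this example's own names, not OTL terminology.
OUTCOMES = [
    ("deleted", re.compile(r"^Registry (?:key|value) (.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?:key|value) (.+) not found\.$")),
    ("error", re.compile(r"^Registry error reading value (.+?) ?\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]


def parse_fix_log(text):
    """Tally fix outcomes overall and per ActiveX control (hypothetical helper)."""
    counts, controls, errors = Counter(), {}, []
    bytes_freed, current = 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION.match(line):
            current = None  # a new section header ends the current control
            continue
        m = ACTIVEX.match(line)
        if m:
            current = m.group(1)
            controls[current] = Counter()
            continue
        m = FREED.search(line)
        if m:
            # Sum of every "emptied/removed: N bytes" figure the log reports.
            bytes_freed += int(m.group(1))
            continue
        for outcome, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                counts[outcome] += 1
                if current:
                    controls[current][outcome] += 1
                if outcome == "error":
                    errors.append(m.group(1))  # keep the target for follow-up
                break
    return {
        "counts": dict(counts),
        "controls": {guid: dict(c) for guid, c in controls.items()},
        "errors": errors,
        "bytes_freed": bytes_freed,
    }


if __name__ == "__main__":
    summary = parse_fix_log(SAMPLE_LOG)
    print(summary["counts"], summary["bytes_freed"])
    for target in summary["errors"]:
        print("review:", target)
```
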
  7. Broni Malware Annihilator

    No. It's totally safe.
  8. freshtag Newcomer, in training

    Broni,

    I updated Java. Ran Security Check then ran Farbar Service Scanner. After that I ran Temp File Cleaner then the ESET Scan.

    ESET Scan did not find any infections.

    Once I completed all the scans I was not sure if I had run the JavaRa scan and so ran that. Should I go back and redo the rest of the steps after the JavaRa scan?

    Here are the rest of the scans.
    =================================================
    SecurityCheck results:
    Checkup.txt


    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Spybot - Search & Destroy 1.5.2.20
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    CCleaner
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
    =================================================

    Farbar Service Scanner - FSS.txt

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by craig berger (administrator) on 19-01-2012 at 21:56:45
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Yahoo IP returend error: Yahoo IP is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Avgtdix(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4) VMnetBridge(9)
    0x0C0000000500000001000000020000000300000004000000560000000A0000000B00000006000000080000000700000009000000
    IpSec Tag value is correct.

    **** End of log ****
    =================================================
  9. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  10. freshtag Newcomer, in training

    Broni,

    I ran the OTL and copied the code into it. It restarted the computer but when it restarted my computer it did not recognize my monitor or do anything after coming back on, so I had to Hard Shut it down. Wiggling the mouse would do nothing, Ctrl+Alt+Delete would do nothing, and turning the monitor off and then back on would do nothing. It did however produce a log on restart (See Below.) Also I got a pop up from jusched.exe.
    -------------------------------------------------------------------------------------------------------
    jusched.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

    If you were in the middle of something, the information you were working on might be lost.

    Please tell Microsoft about this problem.
    we have created an error report that you can send to us. We will treat this report as confidential and anonymous.

    To see what data this error report contains, CLICK HERE.

    Options:
    "Debug" "Send Error Report" "Don't Send"

    -------------------------------------------------------------------------------------------------------

    Should I run the OTL again? I have not moved on to the next steps after running OTL yet.
    ===================================================================================================

    OTL Results:



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: craig berger
    ->Temp folder emptied: 182090 bytes
    ->Temporary Internet Files folder emptied: 5343223 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46319234 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1792 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4111209 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: craig berger
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: craig berger
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_132554

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_1b0.dat moved successfully.

    Registry entries deleted on Reboot...
    =======================================================================================================
  11. Broni Malware Annihilator

  12. freshtag Newcomer, in training

    Broni,

    I disabled the jusched.exe as you have stated, then continued to the other steps. I have removed all the tools that we used (other than those you stated to keep.) I have completed all the updates on Windows. I have also downloaded all the other programs that you have stated to download and I have run scans with all of them.
    ------------------------------------------------------------------------------------------------------
    I have had a few problems since completing everything.

    1. I got a pop up when I tried to play a DVD with Windows Media Player that said:
    "Windows Media Player cannot play this DVD because there is a problem with digital copy protection between your DVD Drive, decoder, and video card. Try installing an updated driver for your video card."
    --this was a rented DVD but it also does it with my personal collection as well. There are no updates for the video card under "Windows Update." It does pull the information up in Windows Media Player with the disc name and chapters. I have run the Add Hardware Wizard to see if that would find anything, but it has not.

    2. The computer has been running slower at times and the pop up for Virtual Memory running low has been popping up a lot lately.

    3. I have also been getting pop ups stating:
    "Warning: Unresponsive script
    A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

    Script: http://choices.trust.com/ca?aid=hp02&pid=hp01&cid=75329063&w970&h=250&plc=tl&c=cachebuster&js=2:125

    [box] Don't ask me again

    [options] Continue Stop script"

    I have been clicking the "X" in the top right corner.

    This pop up has just occurred while replying to this form.
    ----------------------------------------------------------------------------------------------------
    What programs do you recommend for anti-virus, Ad-ware/spyware removal, and system cleaners?
  13. Broni Malware Annihilator

    1. I really don't like Windows Media Player and I know nothing about it.
    I suggest you switch to much better VLC Player: http://www.videolan.org/vlc/

    2. Are you getting it from AVG?

    3. What browser?
  14. freshtag Newcomer, in training

    Broni,

    1. I will download VLC player

    2. No, it's just a pop up that comes up down in the task bar next to the clock.

    3. I am using Firefox.
  15. Broni Malware Annihilator

    2. I've seen this issue on computers with AVG installed.
    Try to switch to something else.
    Uninstall AVG using AVG Remover: http://www.avg.com/us-en/utilities
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    3. If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
    If you're using Firefox 4, or higher go Help>Restart Firefox with Add-ons Disabled.
    Same issue?
  16. freshtag Newcomer, in training

    Broni,

    Which AV program do you recommend?

    What programs do you recommend for Ad-ware/spyware removal, and system cleaners?
  17. Broni Malware Annihilator

    I replied above.

    MBAM and TFC are all you need.
  18. Broni Malware Annihilator

    The issue seems to be resolved.