also @ TechSpot: Nvidia GeForce GTX 780 Review

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

System Check virus removed but Internet not working

Discussion in 'Virus and Malware Removal' started by nautilus808, Feb 8, 2012.

Post New Reply

Page 3 of 5

Broni Malware Annihilator Posts: 39,398 +177

Did you say "Yes"?
Then read my previous reply.

Broni, Feb 10, 2012

#41
nautilus808 Newcomer, in training Posts: 60

Broni said: ↑

...

got it!Thanks for all ur time. Running from safe mode.......

nautilus808, Feb 10, 2012

#42
Broni Malware Annihilator Posts: 39,398 +177

Cool............

Broni, Feb 10, 2012

#43
nautilus808 Newcomer, in training Posts: 60

I ran rkill. here is the log sheet:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/10/2012 at 21:46:44.
Operating System: Windows Vista (TM) Home Premium

Processes terminated by Rkill or while it was running:

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe

Rkill completed on 02/10/2012 at 21:46:46.

i ran combo fix from safemode, deleted old copies, renamed combofix myname.exe

Combofix still wont run
Same message "however scan times for badly infected..........."

nautilus808, Feb 11, 2012

#44
Broni Malware Annihilator Posts: 39,398 +177
Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Feb 11, 2012

#45

nautilus808 Newcomer, in training Posts: 60

OTL Extras logfile created on: 2/10/2012 10:32:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pondalex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.05% Memory free
6.23 Gb Paging File | 5.88 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.12 Gb Total Space | 402.57 Gb Free Space | 69.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.29 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.51 Gb Free Space | 94.21% Space Free | Partition Type: FAT32

Computer Name: PONDALEX-PC | User Name: Pondalex | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

nautilus808, Feb 11, 2012

#46

nautilus808 Newcomer, in training Posts: 60

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051BBB80-25F6-46F0-AC34-150508186EF3}" = lport=137 | protocol=17 | dir=in | app=system |
"{09042435-7FF9-492E-B2A1-F9B46656CEC1}" = rport=445 | protocol=6 | dir=out | app=system |
"{1521D066-526B-4F03-9D8D-2C874931AECE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1825A86F-DABD-427E-B5AF-91E12CE00C96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22348191-28F6-48C2-9C22-32D967407657}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{229F5975-0F92-4235-9528-059E3A41EE65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{26597EEE-9585-4801-8D95-418849361F15}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{2BDF3947-841E-4670-851A-B75DE96FA459}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3044C3D0-E897-49E1-B35C-1A6EA7EAD6AB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{410785C7-1B74-468F-9990-018E2A036E3C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{488775C6-D282-4398-AFC6-5EE26D8B4E08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49AD9618-85FB-4FAC-BF1B-DC84E965B1CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{671B0F5E-8081-49F4-AD9B-1A90677248B0}" = lport=445 | protocol=6 | dir=in | app=system |
"{673B0ED4-CE15-4499-A3D0-64AFFA2683DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A1F3CE9-8DFA-4C70-899D-34D316E08CD1}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D08AB37-F4A2-4D95-806C-FD4FDFDC3F94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FAF47C1-3823-4DB2-B511-AEC9F6628BDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7368128D-D975-4B20-BCB2-7ADCDBB15F03}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{761A1A93-FA5A-494B-8203-397E4D5A9C95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{786AA48B-D002-4495-8C06-89664482D6B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{7B809723-4AAE-47C4-821B-280659CB2012}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84499E54-C285-4287-9CF5-0D3B57781D8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92F518D7-29E7-4CD9-B286-3C7B661C46DA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{992D0223-B79E-48A9-A176-44F7FBB14DC6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9C3B004D-9CD9-4D4D-B73E-A60D81C4244A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A53B4D62-A100-49B4-B0B8-13DE280881AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5EE9030-2AF8-48CC-99C3-F7806DB0E70A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AEB5AF61-ABF4-43B0-9C07-6EE95C936849}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{B35B71D1-23F1-4BB9-9930-64D12DFF64D5}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BE95C3AE-0A8D-4E90-B99E-24D8065196C0}" = rport=139 | protocol=6 | dir=out | app=system |
"{BEC13FD4-FEC3-4778-80D6-EA9738BF004A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C2B7FADD-2868-43B4-B97E-7153815DE94C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDC821F8-D965-4E46-A855-C36318215FF4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D38BCAD6-C614-4EE1-8415-A21A7FBF3D14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D5F3E7C5-641B-41DA-A929-94316658C624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D60CF1DE-1FD0-4CC8-BE41-B3B576C457E1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{D93FD1C1-90E8-4B2F-B3B5-ED304B9E90FA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E3713CD6-FCFA-4E6E-94D9-6578911E273D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6768782-6BDE-4D69-BA9F-55860120AC86}" = rport=137 | protocol=17 | dir=out | app=system |
"{FCFB7127-C269-4E5B-8B7C-F417C4D41FC2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD5E52CE-F232-4A28-8021-82C06DA5E696}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD992069-598A-4693-84A5-2F80879514EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005B8E6C-987C-49C1-9523-FDF1B42104BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02424703-F3FE-4EAC-9CBB-D606C202EC6D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{03F66638-9DF9-4EAC-964B-8E6F7A87CD5C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{059EA0E3-6DA0-4639-BF19-4C173D797025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05D6FAF0-64CA-4B76-B0E0-094126B62BB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{067DCFB9-CB79-4F4D-81E1-259DCCE194E7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{072688A4-8D0F-40C1-95F6-B3359EC2CECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08FEB6F3-7589-4397-8ECB-D4C1B4839EDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D63D13F-ADE5-4D6B-8BC1-3734C33116F4}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{0EF310E8-20FE-47B6-9B59-DF02A469ED4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F49EC18-1D8D-4071-87D6-EB0A802699DC}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{1015BCEC-AD90-4907-8058-F022CB85C9FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1335493B-7031-4574-A478-72BEC92D491B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19285FA7-23D6-4AC8-8198-23443E12FC8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B583C20-5AE1-4EAE-973D-7C7E64200022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DEF590C-8E93-4374-AA43-0E92817335CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1E829F8F-2BC4-41C3-A66B-7333246873F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F21D2EF-08D1-49EF-B966-D65B58A69BA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F751DAA-AD24-4E42-8680-EEF450404C5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{214A3C33-837B-4BDC-9527-8BBEA934F6CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{216C8047-F289-4587-B9B6-D3E69CF50576}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25C1F6A5-49C7-422D-BDD3-0020530F9CF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25C8619E-48CE-4A57-8D04-A8F3580D18DC}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{338158E1-AEA8-4D1C-BA9F-DF48320CF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37D3B2EB-3641-42DB-9691-81E4EC5B4AFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{380C8045-BFC1-44A4-9580-48B3FFF068B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43EE059F-627D-4A77-9E2B-F2957DB54A7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4417AE54-B353-4B97-8E41-E4208AF1BC74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{443F4EAF-4B6F-4904-B367-1831E742B235}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{449C2ECB-C106-4636-8719-DFE2005F57E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A69334E-CDDA-4080-A026-09551D996C0B}" = protocol=6 | dir=in | app=c:\users\pondalex\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{4D558B62-42D0-4964-B87E-5E3C5A11BC9F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4E93BCC2-A673-4BEC-9357-87652F715058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{509B1D06-025C-46D7-B001-883D2AF936D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5438DB86-EA44-4844-8100-43B44DF75B73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54F9BA77-6CB1-41B2-96AC-81C4111F087C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{57301A08-62E8-4300-9A8D-EBBC92F856E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5796304F-EB08-4ABC-A286-219EBE47E6A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CD76D40-A3BB-4563-881B-A2D38B4B6938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DEC6572-A234-4505-BD8E-EDC824090AE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61DD3184-2A46-4011-AA16-6995F88DD4ED}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{62D158A4-910F-4F9F-ABEC-4060E529D9E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{673EACD5-D824-4535-B3E9-B283C159EC8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69AD5A1C-C2C9-4FD2-91EE-5E88A2A31AEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A76B5AE-AAF4-4D25-9DB2-A7A91A25C4C3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6AAFE5C4-D075-4356-9219-62F2E329DCCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D5C30F6-CBB2-4267-8659-8A064AAD3AD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{752E7C1E-2171-4DF2-90CA-762F07ACBBE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{788E6434-A493-4856-9DC9-3A2170FF1F9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{791E7868-2CF4-4C4F-90E4-A0CD6BD8AB6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8061B6E0-1DB4-4261-8388-AC5ACF830C4D}" = dir=in | app=c:\users\pondalex\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8163699A-6195-480B-B2CB-A6081748A2EB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{85981CB7-CD78-42AC-9086-BD7CBEEF75EA}" = protocol=17 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe |
"{8796D5DC-4E0F-4A46-9EDD-C4134D87BEC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{891A1427-F82B-4B24-A59D-2ED1FF9968B6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{8CB0189A-06E6-4562-B5D2-6DF5EAA8F0D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8E50812C-5662-48A9-A888-2B25693913F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90C64C26-FF38-40D9-A392-10B277306E72}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{92784017-8082-4B31-84AF-8700F2737B18}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{93014871-42AE-4E73-B3BD-62686481D492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94179332-2F67-4BFF-A86F-B9571D576EEB}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{944570B1-07B5-4B42-BFD3-73D621C70CA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{954B0C52-6152-4CF4-BA8B-628BA370DCDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95CD36A3-20B5-4196-A23F-434CD13AA323}" = protocol=17 | dir=in | app=c:\users\pondalex\appdata\local\tversity\media server\mediaserver.exe |
"{9CDD3DDE-07B7-47AA-A046-E317724501F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CF070CF-D504-419D-8BA3-C6019F620C6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9DBF89AF-70CB-45F5-9D85-CE1A1DE080FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E08F687-95A0-4F53-9DF0-B013074F9DC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FE5EA73-76DB-4DE9-A912-486BDDDFC9E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A299BCD8-4E91-4596-B348-D442EE07B2C1}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A2EAA1A6-5A85-4290-9BED-227C1E8C4F66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A40A4F73-3BB1-437B-9A21-503F65080ED5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A54374EC-5697-4DF2-991A-D45799D67995}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A7409AED-5402-48CF-8F2C-0F131EBCA9BD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{A7BE7154-6643-4322-AB77-A4873FB53C34}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A7FC9A05-7533-4A42-A197-E6905519A83E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A82DAED0-4EC5-4A62-AE2F-48E68AED5B67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA5A8D1E-DC7B-4B60-AAEC-A80E180A328A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABCD1CF8-35B7-4E5D-A86C-A40D3E64EA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADDFB155-81DF-40FA-8A00-8F8F9398321A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE95A1A3-6241-4FCE-B4CE-D88F08715E16}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{AF68CC17-1130-4612-B6CA-BF3839B08659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFC1A050-EA63-475A-81D1-F393CB9194EB}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B0F4021D-CA00-4A66-B7B9-3E76D36163AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B10090E0-86DB-4602-967D-3A91789B4593}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{B1A36587-475B-441B-B8AB-FBE2E5D6210D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B1C69675-DF85-4F6C-96AF-0BD89847BC59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B433BE7E-B420-4856-88FC-09268CF17C66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5E6B512-45B9-45F7-927B-81D01D42F31D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B69DB012-EB0A-4623-A6C3-CFC27536F6ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B8888E0A-5A69-401F-BDBA-C7A9255E0D40}" = protocol=6 | dir=out | app=system |
"{B94B451F-9640-4149-B8AB-05565DC78F62}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{B9BD13E4-1411-49A6-80FD-0F3DE9092A78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD379C10-6253-492E-B8A3-673FE3BF69E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDE5A946-04ED-436A-AA74-F60726A24B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE0CE706-CDF0-46F9-BCFD-928BFC3164F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BED3D035-2576-4D7B-B3FD-E17DA59F1BFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1D8C662-160A-46C3-8673-4194C787E9E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C48D275B-2BF4-453C-9A47-7BE8246E0A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C56607E7-D9FC-44C6-9A21-93EA777AAEF9}" = protocol=17 | dir=in | app=c:\users\pondalex\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{C7F16776-5A42-41A1-BF70-E36EC08AB883}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C8F0918F-55C4-406C-969A-04DA034E697A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9417FD3-FDBD-4801-9D6C-4674FD321A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBA6C375-BDBE-444C-9D45-207206EB9064}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CC38840D-0271-4D8F-A511-0E388DFD3644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEE2C285-5A4B-43AA-BED0-B22D3C5093B1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D8A3792E-191F-472D-BDD8-683A62BB4ECD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DB1A3311-B7FC-46D7-A5BE-2EDDE43CEC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6429216-B62A-4746-ACCB-83A91F11CF25}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EAB604B1-022F-4B34-9437-19AD5AAC2418}" = protocol=6 | dir=in | app=c:\users\pondalex\appdata\local\tversity\media server\mediaserver.exe |
"{EAD2DBAB-2E62-4B3C-AC16-968CC91EBC2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB0331F5-BE71-4843-8EC5-7AA6852F3125}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE315075-A8BC-49B1-9C3A-D7B85ED9E03D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFE20CFF-751D-48DD-8BED-345F09CDBAF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1423AB2-24F1-4823-A7AF-63CE46863D72}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F3B828B4-82E4-4B53-992A-9A1A9A90BF75}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{F3F41D3B-F311-43CF-8D0A-27A21EA32C68}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F504C771-E86D-4CC2-A893-69F1D74283AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F87EC578-2C58-4D88-9309-95D5BAEAACA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8C5A295-B08B-4D8E-8957-6379306211D0}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F8C823CE-8CB0-471B-8B83-56432CB599BB}" = protocol=6 | dir=in | app=c:\program files\savetubevideo.com\savetubevideo\downloader.exe |
"{F8D93206-D552-4126-AC20-B34A2C1B9579}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{FB3AB1B7-6A89-4B47-A94E-75FF51D5B6BB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FBC3BC35-C9D0-4536-A03D-74E2ED3BD046}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCFA8A59-C851-4505-AEF4-5A4EC385E922}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FE04D13B-5EA4-4C97-B33A-357142496FDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEE62167-2D17-48DC-8D60-1FAC6F22E1C2}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FFEF78C9-30C3-40C4-9064-C1D5A32E3C3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1E0A0A18-3E5E-46DE-97D9-032F1CB88743}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{24CDCCAE-30C5-4EE7-A158-3A538F0014EB}C:\program files\dylogic\vision\bin\vision.exe" = protocol=6 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
"TCP Query User{5145181B-CD05-4B97-A64F-C6FD43351EDD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{80606018-B02E-44A1-902F-C43783C44D8D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{943C8E04-93B3-4F91-ABF5-BEFC0D6E0DD6}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A6955BFF-0ADC-42C7-B14D-212E1817EFE4}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{AEA52364-85F4-4EFD-A25F-1EE7E6E02323}C:\program files\dylogic\vision\bin\vision.exe" = protocol=6 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
"UDP Query User{1FF73E11-E0DB-4739-B249-3C19BEACFE34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2F65793E-DF00-427E-AE9F-EAEF2BABCEED}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{3C44C0CA-1FB1-43FF-A720-3318039C0224}C:\program files\dylogic\vision\bin\vision.exe" = protocol=17 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
"UDP Query User{99668303-6933-4629-AD7D-212C79336851}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B66A14A5-F742-4B8F-8FDA-FAE5271AFEBC}C:\program files\dylogic\vision\bin\vision.exe" = protocol=17 | dir=in | app=c:\program files\dylogic\vision\bin\vision.exe |
"UDP Query User{C10F8CB3-4845-44BD-8C83-ABB480A7F837}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{E43C185C-1D7F-4D6F-B377-AEAC01A5C564}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E0BAD-DC62-DF83-4D19-D110C61FE679}" = CCC Help Chinese Traditional
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AC457CB-3661-B42F-6181-5D1305C1475A}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E86AF86-F103-A148-7070-0596A5FCEAD7}" = CCC Help French
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7CFAB6-A7FC-31E5-2917-989B06B09270}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2888EBA9-91E6-D3EF-FC6D-7B3C2B045CAE}" = CCC Help English
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2AE86CEE-BAC2-D043-9237-E83198098C91}" = Catalyst Control Center InstallProxy
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA64D86-61D9-40A4-A89F-D4E6DEDD301D}" = Catalyst Control Center Localization All
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3411B11D-91D6-B456-0FAE-24BF99868231}" = Catalyst Control Center Graphics Previews Common
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{401A4D76-C360-2084-F163-1FABD851D314}" = CCC Help Thai
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43461D82-2DD5-B2D7-886D-5C1A52C09904}" = CCC Help Polish
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B61C9AE-3FDD-9DB7-4247-7D96A03C018D}" = CCC Help German
"{4F0CEB21-51DF-499F-95EB-FE95305A249F}" = CASC
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5165FA54-2957-4BC9-44CC-D21BDCE9D9E6}" = CCC Help Japanese
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58374E01-D455-ABAE-CD3A-548911E1CAAD}" = CCC Help Swedish
"{59B734CE-69E9-F555-380C-0B9D880F4E95}" = CCC Help Hungarian
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{620797B0-A022-4B57-A95E-DD7DD0341014}" = HideAnyWindow
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{665815D4-1F82-D581-E762-A2E0A15E6512}" = CCC Help Dutch
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83AB2CBA-BEA9-C709-7FB7-AFFCD604F810}" = ATI AVIVO Codecs
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87FADE3A-DF93-F38C-1952-05D55880B82A}" = ccc-utility
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1CB4C2-283E-39A7-2AFA-6D3320E012A8}" = CCC Help Chinese Standard
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93703800-E668-1370-1756-2003BA060281}" = CCC Help Russian
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A837D2-EB2E-9F85-1DB8-01B8337DFC08}" = CCC Help Czech
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{96976098-9527-41E4-837E-EAA1DBEADB54}" = TurboTax 2008 whiiper
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8692DA-9451-AA41-404A-72308CAE1BF5}" = CCC Help Spanish
"{9CF2ECFE-5242-B513-5DB4-A751BD735DD2}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Ru

nautilus808, Feb 11, 2012

#47
nautilus808 Newcomer, in training Posts: 60

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B63B53EF-B1D5-C009-28D6-592F64707E17}" = ATI Catalyst Install Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB7D274A-8AFD-4E55-BDD3-DCD2A91D1B0D}" = Vision
"{BC92AA6F-2DAF-1BA2-7C86-1DBBA6423C5F}" = CCC Help Norwegian
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6F8056-3EC3-4582-A915-9BF11A82097A}" = TurboTax 2008 wnmiper
"{D17772DB-061D-CF9A-7A82-E8C047195259}" = CCC Help Portuguese
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D3903688-F924-4AD8-B762-259CF2946C4E}" = QuickConnect
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5507048-ED32-BEE8-431D-303F741DE073}" = CCC Help Italian
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECCD21C-4BCC-1326-0EF3-7E87C97E14D9}" = CCC Help Greek
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8B708FF-D116-0D4D-DC14-72827A219D54}" = HydraVision
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EFD21D05-4618-D72A-464F-B0D1911617A7}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F56F9237-B298-48B4-BC57-2E4629987700}" = Dell DataSafe Online
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8461-7759-5462-8226" = Vuze
"AccessR" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ARO 2012_is1" = ARO 2012
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Camfrog 6.1" = Camfrog Video Chat 6.1
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Chuck's Planted Aquarium Calculator_is1" = Chuck's Planted Aquarium Calculator v1.0i
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"Excel Join (Merge, Combine) Multiple Sheets & Fi~0B6A6C16_is1" = Excel Join (Merge, Combine) Multiple Sheets & Files Into One So
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"ffvfw" = ffvfw (uninstall only)
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GPG4Win" = Gpg4win (2.1.0)
"GridinSoft Trojan Killer" = Trojan Killer
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"KidLogger_is1" = KidLogger PRO 5.6.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LimeWire" = LimeWire 5.2.13
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Orb" = Winamp Remote
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PokerStars" = PokerStars
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"QwestQuickCare_is1" = Qwest Quickcare 2.5
"RealPlayer 12.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TrueCrypt" = TrueCrypt
"TurboTax 2008" = TurboTax 2008
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"TVersitybar Toolbar" = TVersitybar Toolbar
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VLC media player" = VLC media player 0.9.2
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Webcam Simulator_is1" = Webcam Simulator 5.3
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"VirtuaGirl_is1" = VirtuaGirl version 1.0.8.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

nautilus808, Feb 11, 2012

#48
nautilus808 Newcomer, in training Posts: 60

OTL logfile created on: 2/10/2012 10:32:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pondalex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.05% Memory free
6.23 Gb Paging File | 5.88 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.12 Gb Total Space | 402.57 Gb Free Space | 69.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.29 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.51 Gb Free Space | 94.21% Space Free | Partition Type: FAT32

Computer Name: PONDALEX-PC | User Name: Pondalex | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StopSign Update Manager)
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2011/03/02 08:20:58 | 000,224,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010/11/25 19:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/24 13:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/23 17:28:07 | 000,263,504 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2009/02/23 17:28:05 | 000,111,952 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (sstsmonsvc)
SRV - [2009/02/23 17:28:05 | 000,111,952 | ---- | M] (eAcceleration Corp) [Auto | Stopped] -- C:\Program Files\eAcceleration\Framework\eac_svc.exe -- (eac_notifysvc)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/18 13:22:44 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/08/06 09:10:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/06 08:51:50 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/05/14 07:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 07:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 07:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/10/03 12:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/01/04 07:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/11/25 21:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/11/25 19:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 05:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/03/30 21:26:33 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/12/16 23:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 15:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2008/07/26 08:25:58 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2008/07/26 08:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2007/09/12 01:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/06/15 09:28:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/21 07:15:42 | 000,009,344 | ---- | M] (Hajo Krabbenhöft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tenCapture.sys -- (tenCapture)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Pondalex\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pondalex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pondalex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pondalex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:02:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\FF

[2010/09/06 11:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Extensions
[2009/08/30 18:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/29 21:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions
[2010/06/13 21:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/11/25 08:05:30 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Pondalex\AppData\Roaming\Mozilla\Firefox\Profiles\gube1t88.default\extensions\toolbar@ask.com
[2010/03/27 14:56:33 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Pondalex\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Click to call with Skype = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Gmail = C:\Users\Pondalex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/10/09 08:21:32 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hxmihOGCcujDAx.exe] C:\ProgramData\hxmihOGCcujDAx.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe (Tesline-service)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Camfrog] C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [CamfrogServer60] "C:\Program Files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe" 0 C:\Program Files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe File not found
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Facebook Update] C:\Users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000..\Run: [MS Shell Services] C:\Program Files\KidLogger\Kidlogger.exe (Tesline-service)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\Pondalex\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2359270729-473054158-1944764805-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/09 21:10:08 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/09 21:10:08 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3c44b837-9004-11dd-9a75-001ec951d625}\Shell - "" = AutoRun
O33 - MountPoints2\{3c44b837-9004-11dd-9a75-001ec951d625}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a591c8c6-11bc-11de-9b21-b397ca9d42d4}\Shell - "" = AutoRun
O33 - MountPoints2\{a591c8c6-11bc-11de-9b21-b397ca9d42d4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b1130fb6-63ac-11dd-a1d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b1130fb6-63ac-11dd-a1d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MONITOR.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

nautilus808, Feb 11, 2012

#49
nautilus808 Newcomer, in training Posts: 60

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.fvfw - C:\Windows\System32\ffvfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 22:28:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 21:47:53 | 000,000,000 | --SD | C] -- C:\pondalex.exe
[2012/02/10 21:42:15 | 004,400,207 | R--- | C] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2012/02/10 21:40:02 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/02/09 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4C1E80EB-0CE3-47E1-B285-2497918556EA}
[2012/02/09 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A212E0D0-ED22-437B-A26A-4024B8CA0954}
[2012/02/09 21:33:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/09 20:52:40 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{41A808CF-B1B1-4A56-943B-A2C051B54CE7}
[2012/02/08 22:07:55 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/02/08 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
[2012/02/08 21:42:16 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{085C0C62-9B01-457D-A3E1-D8DD9E54483C}
[2012/02/08 21:36:40 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/07 23:01:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3E46A29A-6D77-46D0-8020-0E344BAFD700}
[2012/02/07 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{964E2C7A-4349-40B9-9648-40795122C323}
[2012/02/07 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{AD07AE29-C492-4FAD-BC21-3365F627DD40}
[2012/02/07 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4D63A5AA-817B-4E57-8F90-1989811D3877}
[2012/02/07 20:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/02/06 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{59B9D6FD-561B-4CE4-B90C-E54743CCDCD6}
[2012/02/06 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{7E11F4BE-CB8C-409A-983B-DF322FC48828}
[2012/02/06 20:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/02/06 20:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/02/06 20:32:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{541E093D-3270-44CA-A5B4-5D71E3127B4C}
[2012/02/05 22:02:38 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{04599384-2DEE-4E8D-B453-EEADBF258CE1}
[2012/02/05 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{24661336-3BF1-4643-BDD7-66CC6C9E313D}
[2012/02/05 10:58:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{188C5182-736B-4053-9155-A9E719886097}
[2012/02/05 10:31:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0AADBA10-9FF0-4C79-9832-5531C3AF416D}
[2012/02/05 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\New Folder
[2012/02/05 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{D5774097-16F7-48DC-9D35-D4C0F7BAB0D7}
[2012/02/05 01:48:30 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{1DB7B744-17E3-4D71-AAEA-AA3227FCF25E}
[2012/02/05 01:26:21 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{46FDA7CF-52BF-4EF2-A510-CE78A304E4F7}
[2012/02/05 01:21:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{74EAEF6A-D7E0-49E7-90E3-48934911B8B5}
[2012/02/04 22:25:23 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\Downloads
[2012/02/04 22:25:17 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
[2012/02/04 22:07:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E6772F27-47C5-458A-BCDA-A199A76DF805}
[2012/02/04 20:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/02/04 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/04 18:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012
[2012/02/04 18:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012
[2012/02/04 17:57:39 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3F65F7E4-D45B-40DB-8BAB-6BC67E1C89CA}
[2012/02/04 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B157629C-15F6-4E32-B6C0-0B83A92CAAC9}
[2012/02/04 15:56:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/04 15:38:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{80BB24DD-1BCD-43D3-A561-812CC7243FD1}
[2012/02/03 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{95A66B5E-0BFB-4E9B-843E-3CFB99B6D2C5}
[2012/02/03 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5D97F6D4-7F12-492B-9E4D-E252820A1803}
[2012/02/03 12:05:29 | 000,000,000 | R--D | C] -- C:\Users\Pondalex\Downloads\Documents\Videos
[2012/02/03 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{DCB66558-8F82-42A6-8A27-12CB45D9BECB}
[2012/02/03 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0F311329-1D80-485C-85F5-F0B5A6EBBDE4}
[2012/02/02 19:40:38 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0EAE513F-9D34-4A8E-AA05-30D686FBB003}
[2012/02/02 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0DBA32FE-10F5-43F6-9683-2C9A863D7824}
[2012/02/01 20:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/01 19:13:02 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Ota
[2012/02/01 19:13:02 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
[2012/02/01 14:17:51 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{359AF589-505B-4B60-B9CB-71038A34D314}
[2012/02/01 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0DC162EA-D7BD-485E-BF47-5EC137E4B42F}
[2012/02/01 02:16:51 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{13CC314C-BACC-403E-BBEA-641396E96A6B}
[2012/01/31 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A9C3A606-A6A3-4A63-AE47-85DA38049CF6}
[2012/01/31 14:15:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6CB86C0F-0068-41B5-A08A-22385BD70876}
[2012/01/29 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
[2012/01/29 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\GNU
[2012/01/29 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\.kde
[2012/01/29 18:15:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Gpg4win Documentation
[2012/01/29 18:15:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\gnupg
[2012/01/29 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2012/01/29 18:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2012/01/29 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\container
[2012/01/29 16:50:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
[2012/01/29 16:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/01/29 16:45:40 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/01/29 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012/01/29 12:32:16 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{52CB9669-77D3-413B-9D61-ECE6BC9F29A7}
[2012/01/29 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CD8F7FD8-0EF7-4135-8A73-6C9BA8415985}
[2012/01/28 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\Facebook
[2012/01/28 11:04:50 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{450C322D-9F73-4EF3-8136-F454104AC979}
[2012/01/27 23:04:25 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{63463D14-0E19-48F1-9D9D-D5BB9B480F34}
[2012/01/27 11:04:01 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{F76E2ABD-1FBE-4361-A7FD-36465A81FDF3}
[2012/01/26 23:03:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5EBAB220-6565-4A5D-92E3-BDAC77A73FAF}
[2012/01/26 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{9C70268A-F531-4106-8A11-0B74E498C845}
[2012/01/25 18:56:33 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{5A16FE21-B5DD-419A-81C0-985FD678EB0C}
[2012/01/24 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{19876D57-CE39-472D-A1FA-F693FB18E2FB}
[2012/01/24 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{EBD38DB3-E564-4508-A0ED-442B7C1B54BA}
[2012/01/24 10:00:40 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{21B8CD8C-0341-4A8A-ABAE-2EF6DFEE27C9}
[2012/01/24 10:00:28 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{FDD3973D-12DA-4972-98D3-3B342E91E898}
[2012/01/23 23:28:10 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\httpkpvz7ki2v5agwt35.onionwikiindex.phpMain_Page#Erotica
[2012/01/23 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\Desktop\Tor Browser
[2012/01/23 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\tor
[2012/01/23 19:07:41 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{111570F8-035E-421C-BCAB-1C2752303C3D}
[2012/01/23 03:00:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{3CEDED40-20FF-48B8-86B5-589BCECA7F3F}
[2012/01/22 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A1D4ED5D-6EE0-4947-AA92-19ACC41697D2}
[2012/01/22 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E2D6C90D-2862-449F-8C44-74B9033D5918}
[2012/01/19 22:58:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/18 22:28:54 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2D4F27E2-80EC-4BFA-8EA3-746B60F4DF0C}
[2012/01/18 10:28:29 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{AD6E778B-4E10-4843-B6C9-F21EB81EDA8B}
[2012/01/17 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{584E303E-FD93-495F-B6D6-5EBA9D2C1580}
[2012/01/17 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{0FAA8F22-ACD9-4400-B04F-993B092C27AD}
[2012/01/16 22:27:10 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{132EC03E-46F6-4C91-BAF7-9635D5E47357}
[2012/01/16 22:26:55 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{DC3D7650-C3DA-4566-9595-EA65D7323286}
[2012/01/16 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{370A96D5-5ABB-444B-85B8-0071E78BCE5B}
[2012/01/16 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{13466D02-201F-4D34-BCDE-2E6EA8CC2B8B}
[2012/01/15 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8156DB1D-172E-4E63-B943-7654B7BBCE91}
[2012/01/15 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{42DFC0C3-32A7-45D0-B189-E5EA66CDBAD5}
[2012/01/15 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local

nautilus808, Feb 11, 2012

#50
nautilus808 Newcomer, in training Posts: 60

\{B618B402-7A51-43F4-A4A2-71329BFDCF6D}
[2012/01/15 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B5737D06-4454-4E95-86ED-6E2960A6EDFD}
[2012/01/14 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6D8AB6BA-0D99-45FC-A95E-DBB35F0A5647}
[2012/01/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4029C74A-DA00-460D-A613-403ED1FCB87F}
[2012/01/13 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2AA391F5-986C-4729-BBAC-8E421F6F930F}
[2012/01/12 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E5089D2B-4C83-4714-878D-7C5F362B8557}
[2012/01/12 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E765F61E-74D9-4263-BF6C-7CF735AE2272}
[2012/01/12 11:52:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8DF7660C-5269-4B67-B39C-803D25231594}
[2012/01/11 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A6892FA6-0758-499A-875C-4365EECF9A6D}
[2012/01/11 23:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CA7D01E5-D4E2-4A1A-953D-BE5D0A1F7B02}
[2001/04/02 01:49:16 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 22:11:30 | 000,001,356 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2012/02/10 21:44:05 | 000,000,147 | ---- | M] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/10 21:40:03 | 000,002,855 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/10 21:36:52 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2012/02/10 20:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:34:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:43 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 23:16:31 | 000,667,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/09 23:16:31 | 000,127,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 23:09:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012/02/09 22:29:49 | 000,000,512 | ---- | M] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:37:06 | 307,695,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 21:12:45 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/08 22:07:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | M] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | M] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | M] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 21:20:18 | 000,000,655 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/05 00:52:45 | 000,015,360 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 22:58:14 | 000,000,341 | ---- | M] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | M] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 15:56:13 | 000,000,607 | ---- | M] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/04 15:35:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/02/01 20:56:29 | 000,001,057 | ---- | M] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 22:34:41 | 000,000,514 | ---- | M] () -- C:\Users\Pondalex\Desktop\Nubiles.net Member's Area - Home.website
[2012/01/30 21:14:32 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 21:00:00 | 000,006,034 | ---- | M] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/29 19:14:51 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/01/21 14:53:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 21:40:22 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:40:08 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:40:03 | 000,002,855 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/09 22:29:49 | 000,000,512 | ---- | C] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:14:23 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/07 23:20:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 23:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | C] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | C] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | C] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:46:49 | 000,000,448 | ---- | C] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/04 23:03:20 | 000,000,341 | ---- | C] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | C] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 18:20:33 | 000,000,147 | ---- | C] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/04 15:56:13 | 000,000,607 | ---- | C] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/01 20:56:29 | 000,001,057 | ---- | C] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 21:14:31 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 20:59:59 | 000,006,034 | ---- | C] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/28 11:33:46 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/01/28 11:33:46 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/01/23 22:43:33 | 000,000,655 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2011/12/17 02:29:57 | 000,201,116 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/09 16:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/09 16:57:12 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/25 19:15:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/11/05 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010/10/10 08:26:28 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/09/28 13:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/21 20:41:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/08 19:36:08 | 019,657,194 | ---- | C] () -- C:\ProgramData\vlc-1.1.4-win32.exe
[2010/08/21 21:37:06 | 019,563,096 | ---- | C] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/08/02 13:01:13 | 019,461,015 | ---- | C] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/07/25 00:31:55 | 019,473,201 | ---- | C] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/04 18:38:22 | 016,310,272 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/05/08 11:38:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\VHx0W
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\8s32
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\ProgramData\8s32
[2010/03/29 21:34:59 | 000,000,579 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\AutoGK.ini
[2010/03/28 16:20:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/12 10:44:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/12 10:44:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:30:39 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/10/24 10:30:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/21 20:22:49 | 000,001,356 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2009/09/15 16:02:36 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/28 20:33:32 | 000,001,044 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\vso_ts_preview.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 06:58:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/09 20:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/05/06 21:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/25 21:41:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/03 18:10:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/03 15:34:18 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:06 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2009/03/21 16:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/21 16:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/21 16:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/09/29 18:42:17 | 000,870,128 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\mcs.rma
[2008/09/29 18:42:17 | 000,000,004 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\1FAC5E
[2008/09/21 02:07:03 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/18 03:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/10 20:43:01 | 000,015,360 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 22:34:46 | 000,001,468 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/08/14 22:15:32 | 000,001,306 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\wklnhst.dat
[2008/08/06 12:39:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/06 08:56:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/06 08:56:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/06 08:52:19 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/08/06 08:52:19 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/08/06 08:52:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,436,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,667,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,127,148 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/10/28 10:07:20 | 000,372,736 | ---- | C] () -- C:\Windows\System32\ffvfw.dll
[2002/10/15 15:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/04/02 01:41:14 | 000,000,157 | ---- | C] () -- C:\Program Files\Perfiles.ini

========== LOP Check ==========

[2011/01/23 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG
[2010/12/04 15:21:16 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG10
[2011/12/11 10:42:40 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Azureus
[2010/08/14 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\BitTorrent
[2011/09/04 07:11:02 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Camfrog
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Canon
[2009/06/12 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ChemBuddy
[2011/06/15 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\com.Shutterfly.ExpressUploader
[2008/09/09 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\DataSafeOnline
[2009/08/05 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Dylogic
[2009/05/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\eAcceleration
[2009/03/30 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ExcelCube
[2012/02/08 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
[2012/02/04 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
[2012/01/30 21:20:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gnupg
[2012/01/30 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
[2011/03/21 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Image Zone Express
[2008/08/30 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Leadertech
[2010/06/13 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\LimeWire
[2012/02/03 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
[2012/02/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Ota
[2009/11/01 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Printer Info Cache
[2010/06/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Raptr
[2010/12/30 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Registry Mechanic
[2011/02/24 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Sammsoft
[2009/07/09 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Snapfish
[2008/08/20 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Template
[2012/01/29 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
[2011/10/26 08:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Uniblue
[2010/04/22 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\vghd
[2009/08/28 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Vso
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:37:20 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/01/01 02:51:21 | 000,000,078 | ---- | M] () -- C:\AEIusb.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 08:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/08/06 12:40:01 | 000,005,187 | R--- | M] () -- C:\dell.sdr
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/07 20:44:28 | 000,047,516 | ---- | M] () -- C:\JavaRa.log
[2010/05/09 09:21:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/02/10 20:38:35 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2012/02/10 21:46:46 | 000,000,467 | ---- | M] () -- C:\rkill.log
[2009/03/28 21:40:24 | 000,000,232 | ---- | M] () -- C:\sqmdata00.sqm
[2009/03/29 09:12:33 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2009/03/28 21:40:24 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 09:12:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2012/02/09 21:34:26 | 000,086,456 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_09.02.2012_21.32.57_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/01 22:57:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_hpzpp4v2.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\2_hpzpp4v2.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/08/21 19:12:10 | 000,001,682 | ---- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/03/30 20:43:24 | 000,423,936 | ---- | M] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/04/03 15:34:20 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:17 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2010/03/30 20:43:24 | 000,000,157 | ---- | M] () -- C:\Program Files\Perfiles.ini
[2009/04/09 23:46:14 | 000,012,092 | ---- | M] () -- C:\Program Files\Self-made media for NM-122708.xlsx

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/01/23 22:11:58 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2011/01/23 22:11:58 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2011/01/23 22:11:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2011/01/23 22:11:59 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2011/01/23 22:11:59 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/04 17:21:17 | 000,000,087 | -HS- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2007/09/17 19:28:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Pondalex\Desktop\recdisc.exe
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/09 22:43:49 | 000,061,224 | ---- | M] () -- C:\Users\Pondalex\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/23 22:10:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/01/23 22:10:32 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/13 22:45:10 | 000,000,402 | -HS- | M] () -- C:\Users\Pondalex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/04 00:39:44 | 000,003,604 | -HS- | M] () -- C:\ProgramData\8s32
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/01/21 14:53:37 | 000,004,264 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/04 21:58:34 | 000,009,584 | -HS- | M] () -- C:\ProgramData\VHx0W
[2009/09/15 16:17:05 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2010/10/10 08:26:28 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2011/01/23 21:49:00 | 016,310,272 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/07/25 00:34:20 | 019,473,201 | ---- | M] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/08/02 13:03:42 | 019,461,015 | ---- | M] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/08/21 21:39:34 | 019,563,096 | ---- | M] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/09/08 19:39:32 | 019,657,194 | ---- | M] () -- C:\ProgramData\vlc-1.1.4-win32.exe

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$] -> -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

nautilus808, Feb 11, 2012

#51
nautilus808 Newcomer, in training Posts: 60

I ran combofix, overnight. This am, a message said "combofix detecetd rootkit" and needs to restart.

nautilus808, Feb 11, 2012

#52
nautilus808 Newcomer, in training Posts: 60

Ran combofix. It said that the machine is infected with Rootkit.zeroaccess. It has inserted itself into the tcp/ip stack.
2 min later message appeared " rootkit detetected, be patient, this make take some moments"

. Upon restart in normal mode, the internet did nto work. I got a message saying "Java update scheduler has stopped working"

nautilus808, Feb 11, 2012

#53
Broni Malware Annihilator Posts: 39,398 +177

Did Combofix run to a completion?
Did it produce any log?

Broni, Feb 11, 2012

#54
nautilus808 Newcomer, in training Posts: 60

Ran combofix a few times. It finally produced a log just now!

\{B618B402-7A51-43F4-A4A2-71329BFDCF6D}
[2012/01/15 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B5737D06-4454-4E95-86ED-6E2960A6EDFD}
[2012/01/14 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6D8AB6BA-0D99-45FC-A95E-DBB35F0A5647}
[2012/01/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4029C74A-DA00-460D-A613-403ED1FCB87F}
[2012/01/13 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2AA391F5-986C-4729-BBAC-8E421F6F930F}
[2012/01/12 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E5089D2B-4C83-4714-878D-7C5F362B8557}
[2012/01/12 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E765F61E-74D9-4263-BF6C-7CF735AE2272}
[2012/01/12 11:52:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8DF7660C-5269-4B67-B39C-803D25231594}
[2012/01/11 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A6892FA6-0758-499A-875C-4365EECF9A6D}
[2012/01/11 23:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CA7D01E5-D4E2-4A1A-953D-BE5D0A1F7B02}
[2001/04/02 01:49:16 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 22:11:30 | 000,001,356 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2012/02/10 21:44:05 | 000,000,147 | ---- | M] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/10 21:40:03 | 000,002,855 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/10 21:36:52 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2012/02/10 20:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:34:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:43 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 23:16:31 | 000,667,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/09 23:16:31 | 000,127,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 23:09:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012/02/09 22:29:49 | 000,000,512 | ---- | M] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:37:06 | 307,695,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 21:12:45 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/08 22:07:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | M] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | M] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | M] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 21:20:18 | 000,000,655 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/05 00:52:45 | 000,015,360 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 22:58:14 | 000,000,341 | ---- | M] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | M] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 15:56:13 | 000,000,607 | ---- | M] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/04 15:35:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/02/01 20:56:29 | 000,001,057 | ---- | M] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 22:34:41 | 000,000,514 | ---- | M] () -- C:\Users\Pondalex\Desktop\Nubiles.net Member's Area - Home.website
[2012/01/30 21:14:32 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 21:00:00 | 000,006,034 | ---- | M] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/29 19:14:51 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/01/21 14:53:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 21:40:22 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:40:08 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:40:03 | 000,002,855 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/09 22:29:49 | 000,000,512 | ---- | C] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:14:23 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/07 23:20:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 23:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | C] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | C] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | C] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:46:49 | 000,000,448 | ---- | C] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/04 23:03:20 | 000,000,341 | ---- | C] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | C] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 18:20:33 | 000,000,147 | ---- | C] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/04 15:56:13 | 000,000,607 | ---- | C] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/01 20:56:29 | 000,001,057 | ---- | C] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 21:14:31 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 20:59:59 | 000,006,034 | ---- | C] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/28 11:33:46 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/01/28 11:33:46 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/01/23 22:43:33 | 000,000,655 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2011/12/17 02:29:57 | 000,201,116 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/09 16:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/09 16:57:12 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/25 19:15:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/11/05 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010/10/10 08:26:28 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/09/28 13:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/21 20:41:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/08 19:36:08 | 019,657,194 | ---- | C] () -- C:\ProgramData\vlc-1.1.4-win32.exe
[2010/08/21 21:37:06 | 019,563,096 | ---- | C] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/08/02 13:01:13 | 019,461,015 | ---- | C] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/07/25 00:31:55 | 019,473,201 | ---- | C] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/04 18:38:22 | 016,310,272 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/05/08 11:38:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\VHx0W
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\8s32
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\ProgramData\8s32
[2010/03/29 21:34:59 | 000,000,579 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\AutoGK.ini
[2010/03/28 16:20:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/12 10:44:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/12 10:44:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:30:39 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/10/24 10:30:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/21 20:22:49 | 000,001,356 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2009/09/15 16:02:36 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/28 20:33:32 | 000,001,044 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\vso_ts_preview.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 06:58:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/09 20:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/05/06 21:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/25 21:41:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/03 18:10:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/03 15:34:18 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:06 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2009/03/21 16:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/21 16:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/21 16:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/09/29 18:42:17 | 000,870,128 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\mcs.rma
[2008/09/29 18:42:17 | 000,000,004 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\1FAC5E
[2008/09/21 02:07:03 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/18 03:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/10 20:43:01 | 000,015,360 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 22:34:46 | 000,001,468 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/08/14 22:15:32 | 000,001,306 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\wklnhst.dat
[2008/08/06 12:39:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/06 08:56:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/06 08:56:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/06 08:52:19 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/08/06 08:52:19 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/08/06 08:52:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,436,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,667,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,127,148 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/10/28 10:07:20 | 000,372,736 | ---- | C] () -- C:\Windows\System32\ffvfw.dll
[2002/10/15 15:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/04/02 01:41:14 | 000,000,157 | ---- | C] () -- C:\Program Files\Perfiles.ini

========== LOP Check ==========

[2011/01/23 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG
[2010/12/04 15:21:16 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG10
[2011/12/11 10:42:40 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Azureus
[2010/08/14 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\BitTorrent
[2011/09/04 07:11:02 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Camfrog
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Canon
[2009/06/12 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ChemBuddy
[2011/06/15 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\com.Shutterfly.ExpressUploader
[2008/09/09 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\DataSafeOnline
[2009/08/05 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Dylogic
[2009/05/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\eAcceleration
[2009/03/30 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ExcelCube
[2012/02/08 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
[2012/02/04 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
[2012/01/30 21:20:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gnupg
[2012/01/30 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
[2011/03/21 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Image Zone Express
[2008/08/30 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Leadertech
[2010/06/13 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\LimeWire
[2012/02/03 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
[2012/02/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Ota
[2009/11/01 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Printer Info Cache
[2010/06/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Raptr
[2010/12/30 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Registry Mechanic
[2011/02/24 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Sammsoft
[2009/07/09 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Snapfish
[2008/08/20 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Template
[2012/01/29 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
[2011/10/26 08:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Uniblue
[2010/04/22 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\vghd
[2009/08/28 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Vso
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:37:20 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/01/01 02:51:21 | 000,000,078 | ---- | M] () -- C:\AEIusb.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 08:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/08/06 12:40:01 | 000,005,187 | R--- | M] () -- C:\dell.sdr
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/07 20:44:28 | 000,047,516 | ---- | M] () -- C:\JavaRa.log
[2010/05/09 09:21:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/02/10 20:38:35 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2012/02/10 21:46:46 | 000,000,467 | ---- | M] () -- C:\rkill.log
[2009/03/28 21:40:24 | 000,000,232 | ---- | M] () -- C:\sqmdata00.sqm
[2009/03/29 09:12:33 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2009/03/28 21:40:24 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 09:12:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2012/02/09 21:34:26 | 000,086,456 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_09.02.2012_21.32.57_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/01 22:57:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_hpzpp4v2.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\2_hpzpp4v2.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/08/21 19:12:10 | 000,001,682 | ---- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/03/30 20:43:24 | 000,423,936 | ---- | M] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/04/03 15:34:20 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:17 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2010/03/30 20:43:24 | 000,000,157 | ---- | M] () -- C:\Program Files\Perfiles.ini
[2009/04/09 23:46:14 | 000,012,092 | ---- | M] () -- C:\Program Files\Self-made media for NM-122708.xlsx

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/01/23 22:11:58 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2011/01/23 22:11:58 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2011/01/23 22:11:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2011/01/23 22:11:59 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2011/01/23 22:11:59 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/04 17:21:17 | 000,000,087 | -HS- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2007/09/17 19:28:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Pondalex\Desktop\recdisc.exe
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/09 22:43:49 | 000,061,224 | ---- | M] () -- C:\Users\Pondalex\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/23 22:10:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/01/23 22:10:32 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/13 22:45:10 | 000,000,402 | -HS- | M] () -- C:\Users\Pondalex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/04 00:39:44 | 000,003,604 | -HS- | M] () -- C:\ProgramData\8s32
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/01/21 14:53:37 | 000,004,264 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/04 21:58:34 | 000,009,584 | -HS- | M] () -- C:\ProgramData\VHx0W
[2009/09/15 16:17:05 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2010/10/10 08:26:28 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2011/01/23 21:49:00 | 016,310,272 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/07/25 00:34:20 | 019,473,201 | ---- | M] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/08/02 13:03:42 | 019,461,015 | ---- | M] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/08/21 21:39:34 | 019,563,096 | ---- | M] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/09/08 19:39:32 | 019,657,194 | ---- | M] () -- C:\ProgramData\vlc-1.1.4-win32.exe

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$] -> -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

nautilus808, Feb 11, 2012

#55
Broni Malware Annihilator Posts: 39,398 +177

This is not Combofix log.

Broni, Feb 11, 2012

#56
nautilus808 Newcomer, in training Posts: 60

Thats strange, something ran upon start up and produced this log. It said it was combofix. Wait for combofix to finish before doing anything it said. Wait for log to pop up it said. The combofix txt files will not open. When i try to open it says "illegal operation attempted on a registry key that has been marked for deletion"

nautilus808, Feb 11, 2012

#57
Broni Malware Annihilator Posts: 39,398 +177

Restart computer.

Broni, Feb 11, 2012

#58
nautilus808 Newcomer, in training Posts: 60

ok
restarting......

nautilus808, Feb 11, 2012

#59
nautilus808 Newcomer, in training Posts: 60

Computer restarted with no problem...

nautilus808, Feb 11, 2012

#60

Page 3 of 5

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.