Solved Trying to clear out remnants of XP *** 2012 infection

I think it's not working this time. It's been at the scanning step forever. System isn't frozen and neither is the program. It's just not moving forward. And no, I didn't click the window. Not sure what to do now.
 
Why can't someone figure out a way to run Windows in a nice little Linux sandbox environment, so everything can be watched, caught, and smashed ever so prettily in a nice colorful explosion of pixels...

A girl can always dream I guess...
 
It ran slowly at the start, said it needed to reboot...

Then froze the screen (though mouse moved, nothing else worked)

Rebooted, figured I would ask, but it went through the normal process (every stage), then rebooted itself.

Then when it rebooted into this, it did nothing, never popped up the "preparing log file" thing at all.
 
Nothing there. Broken partial log in ComboFix dir though.

ComboFix 12-02-11.03 - HP_Administrator 02/15/2012 20:02:42.6.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2739 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

Rerun?
 
During the log prep, the screen blinked out for a second and about half the status bar icons in the lower right just vanished.

ComboFix 12-02-11.03 - HP_Administrator 02/15/2012 23:38:43.7.6 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2754 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB62280$\3114552305
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-15 23:26 . 2004-08-04 04:15 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-14 01:31 . 2012-02-14 18:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 16:46 . 2012-02-16 16:46 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2012-02-16 16:46 . 2012-02-16 16:46 16384 c:\windows\Temp\Perflib_Perfdata_5f4.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
+ 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
- 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-12 05:26 . 2012-02-14 02:18 16384 c:\windows\Cookies\index.dat
- 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-02-16 16:46 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-12-21 18:41 . 2012-02-16 03:29 278096 c:\windows\system32\pghash.dat
+ 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
- 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
- 2004-08-09 21:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23327:TCP"= 23327:TCP:BitComet 23327 TCP
"23327:UDP"= 23327:UDP:BitComet 23327 UDP
"85:TCP"= 85:TCP:BroadWave Web Server
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57575:TCP"= 57575:TCP:pando Media Booster
"57575:UDP"= 57575:UDP:pando Media Booster
"56833:TCP"= 56833:TCP:pando Media Booster
"56833:UDP"= 56833:UDP:pando Media Booster
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"135:TCP"= 135:TCP:DCOM(135)
"6900:TCP"= 6900:TCP:BitComet 6900 TCP
"6900:UDP"= 6900:UDP:BitComet 6900 UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
S1 PDIDRV;PDIDRV; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp; [x]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
S3 SjyPkt;SjyPkt; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PGFILTER
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50a64
wps
MSFWDrv
point32
MTC0001_ESB
se59mgmt
queuemgr
cmdmon
Nsynas32
mirrorv3
GTPTSER
x10nets
houdinilicenseserver
sfhlp02
mgabgexe
int15
wmconnectcds
issimon
NWFILTER
s116nd5
lusbaudio
clmtomcatstartersvc
foldersize
ikfilesec
centennialclientagent
SaiH040B
imap4d32
nmindexingservice
pclepci
CAM1210
portmapper
lxbx_device
dwusbdnt
mcusrmgr
SQTECH9080
s117mdm
iPassPeriodicUpdateApp
SMCB000
sthda
st330service
icraplus
com0com
lxbt_device
cpqnicmgmt
SaiNtHid
toscosrv
NuidFltr
k56
infrastructure
vwlogger
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
.
2012-02-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-02-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 11:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc22.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
"datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
.
[HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
"ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(3764)
c:\program files\ThreatFire\TfWah.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\windows\system32\MSWSOCK.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\system32\WSOCK32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\arservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ThreatFire\TFService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DiscUpdMgr.exe
.
**************************************************************************
.
Completion time: 2012-02-16 12:01:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 17:01
ComboFix2.txt 2012-02-14 18:43
ComboFix3.txt 2012-02-14 02:42
ComboFix4.txt 2012-02-12 05:26
ComboFix5.txt 2012-02-15 20:28
.
Pre-Run: 45,299,945,472 bytes free
Post-Run: 45,134,774,272 bytes free
.
- - End Of File - - 611AE5DF71652BFBACE1FFE9D8612E44
 
Good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 2/16/2012 2:58:14 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 72.73% Memory free
7.09 Gb Paging File | 6.25 Gb Available in Paging File | 88.24% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 41.94 Gb Free Space | 14.50% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.61 Gb Free Space | 6.87% Space Free | Partition Type: FAT32
Drive E: | 292.96 Gb Total Space | 291.94 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Drive J: | 638.55 Gb Total Space | 352.65 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive K: | 115.83 Gb Total Space | 23.11 Gb Free Space | 19.95% Space Free | Partition Type: NTFS

Computer Name: ELENGIL | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2012/02/15 22:42:44 | 000,388,608 | R--- | M] (Microsoft Corporation) -- C:\ComboFix\CF5325.3XE
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/19 16:10:32 | 008,563,624 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2011/10/21 21:56:58 | 003,065,568 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/23 18:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 02:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/19 09:07:10 | 002,809,856 | ---- | M] (SplitCam Co.) -- C:\Program Files\SplitCam\SplitCam.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/11/18 00:15:14 | 000,417,136 | R--- | M] (Sysinternals) -- C:\ComboFix\handle.3XE
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/16 09:55:14 | 000,397,312 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2006/07/07 11:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/01 18:28:12 | 001,469,952 | ---- | M] (Hagel Technologies) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2005/01/20 14:24:02 | 000,280,064 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
PRC - [2005/01/20 14:14:10 | 000,184,320 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
MOD - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2012/01/18 14:48:08 | 000,008,624 | ---- | M] () -- C:\Program Files\Innovative Solutions\DriverMax\sync.dll
MOD - [2011/06/23 18:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/03/25 06:25:12 | 003,668,992 | ---- | M] () -- C:\Program Files\SplitCam\DSFilters\Decoding\ffdshow.ax
MOD - [2011/03/11 10:06:28 | 000,958,464 | ---- | M] () -- C:\Program Files\SplitCam\cxcore110.dll
MOD - [2011/03/11 10:06:28 | 000,876,544 | ---- | M] () -- C:\Program Files\SplitCam\cv110.dll
MOD - [2011/03/11 10:06:28 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/10 10:37:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3548b262\mscorlib.dll
MOD - [2010/11/10 10:37:07 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a16b8162\system.drawing.dll
MOD - [2010/11/10 10:36:54 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a54c19c5\system.windows.forms.dll
MOD - [2010/11/10 10:36:45 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_72096808\system.dll
MOD - [2010/11/10 10:36:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2010/02/05 13:14:43 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
MOD - [2006/10/22 10:41:52 | 000,235,520 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2006/09/16 09:56:40 | 000,133,120 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
MOD - [2006/09/16 09:51:08 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
MOD - [2006/09/16 09:51:06 | 000,010,752 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\windows-1252.so
MOD - [2006/09/16 09:51:06 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\utf-8.so
MOD - [2006/08/19 16:59:49 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/08/19 16:59:48 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006/05/13 23:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2005/08/02 18:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
MOD - [2004/08/09 16:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2004/08/09 16:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004/08/09 16:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/09 16:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/05/07 20:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (NFService)
SRV - File not found [Auto | Stopped] -- -- (imap4d32)
SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
SRV - File not found [Auto | Stopped] -- -- (centennialclientagent)
SRV - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 02:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/09/13 16:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/04/26 18:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2007/05/04 09:00:12 | 005,701,632 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2006/09/29 05:56:44 | 000,574,976 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\Internet\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\dcsuserprot.exe -- (DCSPGSRV)
SRV - [2004/08/09 16:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\w810bus.dll -- (SaiH040B)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2012/01/24 17:43:30 | 000,242,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SXUPTP.SYS -- (sxuptp)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDM.SYS -- (ssadmdm)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDFL.SYS -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
DRV - [2011/09/15 15:23:30 | 000,130,360 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2011/07/20 02:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/07/20 02:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/30 07:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 07:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 07:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 07:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 07:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/04/30 06:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:54 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/11 18:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/08/04 21:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/03/25 20:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/03/25 20:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/25 19:12:00 | 000,354,176 | ---- | M] (TrueCrypt Foundation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\supersafer.sys -- (supersafer)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 03:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 15:30:24 | 000,590,080 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/08/03 21:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/24 13:03:54 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/06/28 19:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/02/06 11:27:02 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/06/27 22:15:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/14 06:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/10 19:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/06/29 12:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/04/04 11:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\VFD\vfd.sys -- (VirtualFD)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/01 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 16:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 02:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.81
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.10
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.1
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.9
FF - prefs.js..extensions.enabledItems: {d4330680-c0ae-4226-8a21-0afe2fd1ac24}:3.8.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2007/08/09 10:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2009/06/15 03:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2009/08/24 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox 3\components [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox 3\plugins [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/06/07 14:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/06/07 14:15:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]

[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/08/30 13:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Pink Paula / PP 2") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2008/09/22 06:21:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/07/30 12:39:25 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2008/08/01 13:54:22 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/09/02 18:37:29 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008/09/22 06:21:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("IE Tab") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/07/30 12:39:12 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2008/09/22 06:21:38 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/06/06 22:35:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/30 13:04:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008/07/30 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Daisy") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{C985DAC8-338E-11DB-8AF6-B622A1EF5492}
[2008/06/19 10:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/19 10:15:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/19 10:15:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/09/22 06:21:38 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Ctrl Tab Preview") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Firebug") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\firebug@software.joehewitt.com
[2008/05/24 16:47:03 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\linkalert.conlan@addons.mozilla.com
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Video Download") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\piraton@enchufados.net
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\videodowloader@videodownloader.net
[2007/03/14 12:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se\chrome
[2012/01/31 23:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions
[2009/09/07 12:52:35 | 000,000,000 | ---D | M] ("Pink Paula / PP 3.5.1") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
[2008/10/13 00:11:50 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2011/09/09 23:33:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 23:31:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/06/28 16:03:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/28 01:14:33 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/12/19 14:25:45 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2011/06/28 16:04:27 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/09/09 23:33:55 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2009/09/28 21:30:28 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2012/01/05 10:09:35 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/09/09 23:33:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/06 07:36:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/26 23:31:49 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010/05/12 23:38:50 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/08/31 07:20:37 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2011/08/10 21:01:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/19 14:25:48 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/30 13:04:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/13 14:52:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/11/13 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/10/29 15:43:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/10 21:01:34 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/09/09 23:33:57 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/10/16 15:42:01 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2011/08/10 21:01:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/19 14:25:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/06/28 16:04:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/13 04:48:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/09 23:34:03 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\betterfacebook@mattkruse.com
[2011/08/10 21:01:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\DeviceDetection@logitech.com
[2010/05/12 23:38:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\firebug@software.joehewitt.com
[2011/09/09 23:34:02 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\lazarus@interclue.com
[2011/06/28 16:03:34 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\linkalert.conlan@addons.mozilla.com
[2012/01/05 10:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\staged-xpis
[2009/10/04 11:30:26 | 000,000,000 | ---D | M] (VacuumPlaces Extension) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\VacuumPlaces@revertron.com
[2011/06/28 16:03:47 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\weatherwatcherlive@singerscreations.com
[2010/05/12 23:38:52 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\webmaster@keep-tube.com
[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\SeaMonkey\Profiles\7tyw5yzt.default\extensions
[2012/02/04 15:12:54 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
 
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npBitCometAgent.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npvirtools.dll
CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npWebLaunch.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Super Mario Bros. Crossover = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeecbbkpegiknjlkklkajceokkdgipbm\2.1_0\
CHR - Extension: Lord of Ultima = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.11_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

O1 HOSTS File: ([2012/02/16 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - Reg Error: Value error. File not found
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Internet\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe (SplitCam Co.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Internet\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Internet\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Bubble This URL - {A3A0268C-3146-431d-84EE-2789B750ABD2} - C:\Program Files\Bubbles\BubblesHBO.dll (3D3R)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 17:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/08/06 01:11:04 | 000,000,000 | ---D | M] - J:\Autohotkey -- [ NTFS ]
O32 - AutoRun File - [2006/05/26 12:25:18 | 000,712,704 | ---- | M] () - K:\AutoRAR.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: MRESP50a64 - File not found
NetSvcs: wps - File not found
NetSvcs: MSFWDrv - File not found
NetSvcs: point32 - File not found
NetSvcs: MTC0001_ESB - File not found
NetSvcs: se59mgmt - File not found
NetSvcs: queuemgr - File not found
NetSvcs: cmdmon - File not found
NetSvcs: Nsynas32 - File not found
NetSvcs: mirrorv3 - File not found
NetSvcs: GTPTSER - File not found
NetSvcs: x10nets - File not found
NetSvcs: houdinilicenseserver - File not found
NetSvcs: sfhlp02 - File not found
NetSvcs: mgabgexe - File not found
NetSvcs: int15 - File not found
NetSvcs: wmconnectcds - File not found
NetSvcs: issimon - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: s116nd5 - File not found
NetSvcs: lusbaudio - File not found
NetSvcs: clmtomcatstartersvc - File not found
NetSvcs: foldersize - File not found
NetSvcs: ikfilesec - File not found
NetSvcs: centennialclientagent - File not found
NetSvcs: SaiH040B - C:\WINDOWS\system32\w810bus.dll (Oak Technology Inc.)
NetSvcs: imap4d32 - File not found
NetSvcs: nmindexingservice - File not found
NetSvcs: pclepci - File not found
NetSvcs: CAM1210 - File not found
NetSvcs: portmapper - File not found
NetSvcs: lxbx_device - File not found
NetSvcs: dwusbdnt - File not found
NetSvcs: mcusrmgr - File not found
NetSvcs: SQTECH9080 - File not found
NetSvcs: s117mdm - File not found
NetSvcs: iPassPeriodicUpdateApp - File not found
NetSvcs: SMCB000 - File not found
NetSvcs: sthda - File not found
NetSvcs: st330service - File not found
NetSvcs: icraplus - File not found
NetSvcs: com0com - File not found
NetSvcs: lxbt_device - File not found
NetSvcs: cpqnicmgmt - File not found
NetSvcs: SaiNtHid - File not found
NetSvcs: toscosrv - File not found
NetSvcs: NuidFltr - File not found
NetSvcs: k56 - File not found
NetSvcs: infrastructure - File not found
NetSvcs: vwlogger - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.D263 - C:\WINDOWS\System32\xl_x263dec.dll (Xirlink, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 13:49:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/16 12:01:36 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/02/15 22:43:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 00:26:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2012/02/11 23:17:52 | 004,402,217 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/11 20:58:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/11 20:52:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 20:52:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 20:52:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/11 20:52:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 20:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/11 20:52:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 06:22:28 | 000,000,000 | ---D | C] -- C:\found.001
[2012/02/04 16:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/02/04 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/02/04 15:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2012/02/04 15:16:59 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/02/04 15:16:59 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/02/04 15:16:59 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/03 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Threats
[2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatExpert Memory Scanner
[2012/01/29 15:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Argente - Uninstall Manager
[2012/01/29 15:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Argente - Uninstall Manager
[2012/01/26 03:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/01/24 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools Lite
[2012/01/24 17:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2010/08/06 04:16:53 | 001,618,432 | ---- | C] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 14:52:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 14:52:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/16 12:02:32 | 000,001,226 | ---- | M] () -- C:\WINDOWS\SplitCam.INI
[2012/02/16 12:01:36 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/02/16 11:49:46 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/16 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/16 11:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 11:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/16 11:45:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/02/15 22:41:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 22:29:31 | 000,278,096 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2012/02/15 20:29:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/14 13:54:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/11 23:38:33 | 000,504,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/11 23:38:32 | 000,088,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/11 19:52:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2012/02/06 22:24:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/06 22:24:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/06 22:17:57 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/02/06 22:10:05 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/02/06 22:07:09 | 088,369,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/05 00:04:01 | 000,335,823 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/04 15:21:40 | 000,272,096 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2012/02/04 15:17:01 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/01/26 22:13:01 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/26 22:13:01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/24 17:43:30 | 000,242,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/24 03:08:32 | 000,000,039 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
[2012/01/21 01:38:42 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverMax.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 23:34:09 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/13 20:31:37 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/13 20:23:35 | 000,242,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/02/13 19:45:10 | 000,336,993 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2012/02/11 20:52:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 20:52:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 20:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/11 20:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/11 20:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/11 19:52:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2012/02/06 22:17:38 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/02/04 15:17:01 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/01/25 18:19:23 | 000,001,226 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
[2012/01/24 03:08:30 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
[2011/12/21 13:41:21 | 000,278,096 | ---- | C] () -- C:\WINDOWS\System32\pghash.dat
[2011/12/21 13:41:20 | 000,272,096 | ---- | C] () -- C:\WINDOWS\System32\pguard.dat
[2011/12/20 16:10:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\procguard.dll
[2011/12/18 19:10:03 | 000,000,146 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/16 15:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJ82c.exe.b
[2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
[2011/10/14 01:04:26 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.freeciv-client-rc-2.3
[2011/08/20 00:16:09 | 000,267,614 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/16 05:16:24 | 000,337,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3220704123-1705262036-168104783-1007-0.dat
[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/07/03 15:47:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/03 15:47:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/30 16:22:07 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/20 17:19:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddiwezipahal.dat
[2011/04/20 17:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ksuzebic.bin
[2010/12/16 06:06:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\setup_ldm.iss
[2010/12/05 20:12:55 | 000,042,535 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/12/05 19:13:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SuperSafer.cfg
[2010/12/05 19:13:08 | 002,771,968 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_custom.dll
[2010/12/05 19:13:08 | 001,163,776 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_custom.dll
[2010/12/05 19:13:08 | 000,681,472 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_custom.dll
[2010/12/05 19:13:08 | 000,492,032 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_custom.dll
[2010/12/05 19:13:08 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_custom.dll
[2010/12/05 19:13:08 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_custom.dll
[2010/12/05 19:13:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_custom.dll
[2010/12/05 19:13:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\verify.dll
[2010/12/05 19:13:08 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\config.dll
[2010/12/03 13:58:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/12/03 13:58:47 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/12/03 13:58:44 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/12/03 13:58:44 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/12/03 13:56:42 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/03 13:44:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2010/12/03 13:44:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/12/03 13:44:02 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/12/03 13:43:52 | 000,033,790 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/12/03 13:43:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/12/03 13:12:20 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/03 13:12:18 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/03 13:12:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/03 12:53:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 10:44:49 | 000,266,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/20 03:40:01 | 000,102,038 | ---- | C] () -- C:\WINDOWS\System32\HCW848UN.EXE
[2010/10/20 03:13:29 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010/09/15 03:34:39 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/28 02:18:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/28 02:18:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/28 02:18:28 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/26 18:22:18 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/06/18 14:42:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FFS20ChtReg.ini
[2010/05/23 15:13:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/21 00:16:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/30 01:20:02 | 000,000,430 | ---- | C] () -- C:\WINDOWS\Memory.ini
[2010/01/30 01:17:31 | 000,000,361 | ---- | C] () -- C:\WINDOWS\MasMind.INI
[2009/12/29 08:01:05 | 000,004,620 | ---- | C] () -- C:\WINDOWS\XChange.dat
[2009/12/25 18:22:41 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/06 01:46:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/07 16:23:36 | 000,000,279 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
[2009/11/07 16:22:56 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TTT.INI
[2009/11/07 16:22:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\pmachine.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/31 05:59:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\othello.ini
[2009/08/31 05:56:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2009/07/31 22:57:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/07/31 21:43:51 | 001,377,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\speech.wav
[2009/07/02 03:37:07 | 000,003,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\springsettings.cfg
[2009/07/01 15:04:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/20 23:32:39 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\MPQEditor.ini
[2009/04/09 04:35:45 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2009/03/25 02:10:00 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/25 02:10:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 05:41:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/20 06:47:41 | 000,004,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Cosmos Prefs
[2009/03/17 23:07:43 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009/03/07 08:54:47 | 000,019,840 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
[2009/03/04 20:01:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2009/01/20 12:43:35 | 000,005,292 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2008/12/03 11:57:29 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008/12/03 11:57:28 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2008/10/29 03:16:02 | 000,088,456 | ---- | C] () -- C:\WINDOWS\Network Measurement Agent Uninstaller.exe
[2008/10/12 23:56:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/10/11 18:53:40 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WinBIN2ISO.INI
[2008/09/07 19:52:55 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\WavCodec.wff
[2008/08/19 21:46:41 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/05/21 05:30:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TSW12.INI
[2008/05/12 17:46:11 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ROPatch.ini
[2008/04/21 03:26:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sprview.dll
[2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2008/02/07 06:56:54 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/09/26 13:16:55 | 000,308,928 | ---- | C] () -- C:\WINDOWS\System32\ivflt08.dll
[2007/09/26 13:16:55 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ivbas08.dll
[2007/09/19 23:50:09 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2007/08/19 15:11:59 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2007/07/25 23:15:41 | 000,000,626 | ---- | C] () -- C:\WINDOWS\roughdraft.INI
[2007/06/28 19:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/31 23:40:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Mp3Decode.INI
[2007/03/21 21:21:10 | 000,703,258 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2007/03/21 21:21:10 | 000,003,381 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/03/03 21:13:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/02/18 05:33:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/02/05 11:11:36 | 000,007,725 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
[2007/01/18 02:46:39 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Sta2.INI
[2006/11/13 00:09:16 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\TFSFILE5.DAT
[2006/11/06 03:44:43 | 000,004,929 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/06 01:11:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/11/06 00:56:25 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 22:09:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/05 21:04:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 18:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 17:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 17:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 17:41:13 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 17:29:45 | 000,004,567 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/19 17:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 17:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 17:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 17:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 17:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll.hcw
[2006/08/19 17:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 17:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 17:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 16:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 16:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 16:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/08/04 19:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
[2006/06/27 22:15:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/06/16 06:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 17:32:46 | 003,088,384 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.dll
[2005/11/04 21:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/08/30 16:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 16:07:46 | 000,504,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 16:07:46 | 000,088,586 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 16:05:30 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 16:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 15:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 16:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 02:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/25 00:23:32 | 001,000,583 | ---- | C] () -- C:\WINDOWS\System32\gnet-1.1.dll
[2002/12/12 22:24:04 | 000,653,824 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2001/08/23 03:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 03:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========

[2011/01/19 14:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2012/01/07 17:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/19 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2011/01/02 05:20:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/24 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/08/19 17:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/05/23 16:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2011/07/29 01:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/02/10 01:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/04/02 04:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2007/03/14 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Handy Software Lab
[2010/07/17 02:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2010/12/05 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/02/28 07:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/02/10 02:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/10 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/29 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/07 14:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/09/09 01:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2011/02/10 02:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/08/04 02:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/01/07 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/18 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2009/06/25 09:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011/08/19 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/04 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/02/13 15:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE
[2010/12/05 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2009/07/02 03:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spring
[2010/07/17 02:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2007/12/09 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/02/10 02:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2006/11/06 03:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/25 00:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/05/25 12:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
[2011/11/13 14:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/04/20 18:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Thunderbird
[2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/02/12 00:23:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/16 11:45:56 | 000,030,729 | ---- | M] () -- C:\aaw7boot.log
[2006/08/19 17:40:56 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/19 03:22:41 | 000,000,061 | ---- | M] () -- C:\Avi2Dvd_Log.txt
[2012/01/03 03:54:54 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2012/02/11 19:57:19 | 000,068,122 | ---- | M] () -- C:\bootkit_remover_debug_log.txt
[2010/10/20 03:42:47 | 120,334,472 | ---- | M] () -- C:\CAPTURE.AVI
[2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/16 12:01:27 | 000,033,975 | ---- | M] () -- C:\ComboFix.txt
[2005/08/30 16:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/20 11:13:46 | 000,000,230 | ---- | M] () -- C:\config.xml
[2007/04/03 00:02:17 | 000,001,701 | ---- | M] () -- C:\Current.m3u
[2009/02/16 09:34:15 | 000,000,000 | ---- | M] () -- C:\dbg_log.txt
[2008/01/28 01:58:21 | 000,000,980 | ---- | M] () -- C:\demux.log
[2010/08/12 01:39:59 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/06/18 14:51:00 | 000,025,214 | ---- | M] () -- C:\favicon.ico
[2010/12/21 03:56:26 | 000,657,070 | ---- | M] () -- C:\FileList.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/20 03:39:20 | 000,016,743 | ---- | M] () -- C:\hcwclear.txt
[2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/19 17:48:33 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2007/01/04 21:07:37 | 000,036,918 | ---- | M] () -- C:\img.BMP
[2009/06/24 18:32:38 | 000,003,148 | ---- | M] () -- C:\init_data.xml
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/09 11:15:35 | 000,918,016 | ---- | M] () -- C:\libiconv-2.dll
[2009/05/09 11:15:35 | 000,076,800 | ---- | M] () -- C:\libintl-8.dll
[2009/09/09 02:07:35 | 225,951,718 | ---- | M] () -- C:\log_fs.log
[2009/05/09 11:15:35 | 000,135,680 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\magic1.dll
[2011/12/21 02:39:20 | 000,000,000 | ---- | M] () -- C:\Malware
[2009/05/09 11:15:33 | 000,005,694 | ---- | M] () -- C:\matroskalogo_big.ico
[2009/05/09 11:15:34 | 002,244,096 | ---- | M] () -- C:\mkvextract.exe
[2009/05/09 11:15:34 | 001,447,936 | ---- | M] () -- C:\mkvinfo.exe
[2009/05/09 11:15:35 | 004,721,664 | ---- | M] () -- C:\mkvmerge.exe
[2009/05/09 11:15:35 | 002,660,864 | ---- | M] () -- C:\mmg.exe
[2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/09 16:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/02/16 11:45:59 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
[2010/10/31 17:34:05 | 000,000,093 | ---- | M] () -- C:\Prodinfo.txt
[2008/06/11 02:59:40 | 000,000,143 | ---- | M] () -- C:\rapidhacker.dll
[2009/05/09 11:15:35 | 000,079,360 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\regex2.dll
[2007/05/19 03:13:00 | 000,000,020 | ---- | M] () -- C:\rules.qdb
[2007/05/19 03:25:46 | 000,000,000 | ---- | M] () -- C:\s18c
[2006/11/06 13:34:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/11/06 13:34:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/11/18 06:13:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/12/11 02:31:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/02/05 02:58:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/12/18 15:15:35 | 000,074,914 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_18.12.2011_15.10.46_log.txt
[2007/05/27 06:53:13 | 000,002,804 | ---- | M] () -- C:\tempsend.dzk
[2009/01/20 22:33:56 | 000,021,004 | ---- | M] () -- C:\TEMP_BDT.CHA
[2008/04/20 00:23:22 | 000,000,004 | ---- | M] () -- C:\test.raw
[2008/04/20 00:20:40 | 000,017,136 | ---- | M] () -- C:\testpath.raw
[2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
[2010/10/20 02:47:19 | 000,000,350 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/05/09 11:15:35 | 001,369,088 | ---- | M] () -- C:\wxbase28u_gcc_custom.dll
[2009/05/09 11:15:35 | 003,418,624 | ---- | M] () -- C:\wxmsw28u_core_gcc_custom.dll
[2009/05/09 11:15:35 | 000,538,624 | ---- | M] () -- C:\wxmsw28u_html_gcc_custom.dll
[2009/05/09 11:15:35 | 000,075,264 | ---- | M] (Zlib) -- C:\zlib1.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 05:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 16:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/08/03 01:24:50 | 000,208,896 | ---- | M] (Space Sciences Laboratory) -- C:\WINDOWS\boinc.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/02/14 15:01:50 | 001,618,432 | ---- | M] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 08:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 08:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/30 08:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/08/30 16:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/07/30 00:33:11 | 000,000,178 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.ini

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/05 21:09:21 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/07/02 16:25:44 | 001,545,216 | ---- | M] (Maël Hörz) -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.exe
[2005/08/30 16:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/04/29 23:08:07 | 251,426,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\metalassault_us_installer_20110429.exe
[2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/01/03 03:16:39 | 000,212,415 | ---- | M] (Paul Watson) -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.exe
[2010/12/12 20:04:49 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vlc-1.1.5-win32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/09 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/11/05 21:08:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini
[2010/05/08 16:58:22 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/16 14:50:49 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/09 16:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/09 16:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 19:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 19:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/03 19:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 19:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 19:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 19:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 19:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 19:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 04:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
[2001/02/01 16:10:20 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras file won't post...

You have included 8 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

Images include use of smilies, the BB code
 
Computer seems to be doing ok, still getting popups, and AVG seems to be neutered (tray icon is there, but it's not reporting any of its services working...)
 

Attachments

  • Extras.Txt
    90.1 KB · Views: 0
Uninstall AVG using AVG Remover: http://www.avg.com/us-en/utilities
Install fresh copy.

When exactly do those pop-ups happen?
While using browser? Which one?
If all browsers are closed?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Auto | Stopped] -- -- (NFService)
    SRV - File not found [Auto | Stopped] -- -- (imap4d32)
    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
    SRV - File not found [Auto | Stopped] -- -- (centennialclientagent)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    [2012/02/14 13:54:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
    [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
    [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
    [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
    [2011/12/16 15:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJ82c.exe.b
    [2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
    [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
    [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================================================

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
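
Added example, not part of the post above and not OTL's own logic: a small Python triage script that parses OTL file-listing lines and surfaces one pattern visible in the fix script, namely hidden+system files with an empty company field that sit directly in more than one `Application Data` folder with the same name, size and timestamp. The heuristic and the function names are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# Directory lines in the LOP check omit the "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    timestamp: datetime
    size: int
    attrs: str          # four positions: R, H, S, D ("-" when unset)
    kind: str           # "C" or "M", as printed in the log
    company: str        # empty when the log shows "()" or no field at all
    path: PureWindowsPath


def parse_line(line):
    """Parse one OTL listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        int(m["size"].replace(",", "")),
        m["attrs"],
        m["kind"],
        m["company"] or "",
        PureWindowsPath(m["path"]),
    )


def parse_log(text):
    """Return every line of the log that parses as a file or folder entry."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def paired_hidden_drops(entries):
    """Map file name -> paths for hidden+system files with no company field that
    appear in two or more 'Application Data' folders with equal size and time."""
    groups = defaultdict(list)
    for e in entries:
        is_hidden_system_file = "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs
        in_appdata_root = e.path.parent.name.lower() == "application data"
        if is_hidden_system_file and not e.company and in_appdata_root:
            groups[(e.path.name.lower(), e.size, e.timestamp)].append(e)
    return {
        name: [str(e.path) for e in hits]
        for (name, _size, _ts), hits in groups.items()
        if len({e.path.parent for e in hits}) > 1
    }


# Sample input: lines copied from the OTL output and fix script in this thread.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.* >
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
[2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
[2006/11/05 21:04:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/08/30 16:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2012/01/07 17:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
"""

if __name__ == "__main__":
    for name, paths in sorted(paired_hidden_drops(parse_log(SAMPLE_LOG)).items()):
        print(name)
        for p in paths:
            print("   ", p)
```

Entries such as `Xmnj5x8.dat`, which appears only once and without the hidden or system attribute, are not caught by this pattern, so the output is a starting list for manual review rather than a verdict.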
 
The popups were random (and so far haven't popped back up, but I'm suspicious since they have gone days w/o one)
Any browser, but pop up in Firefox (default)
Not sure, I rarely had no browser open.




On Preparing Done! in Security Check, it errors with netsh.exe

The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

Dunno if this is an issue, so waiting to see if I should go forward anyway (it did pop up a log of sorts regardless)



All processes killed
========== OTL ==========
Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
Service NFService stopped successfully!
Service NFService deleted successfully!
Service imap4d32 stopped successfully!
Service imap4d32 deleted successfully!
Service GoogleDesktopManager-092308-165331 stopped successfully!
Service GoogleDesktopManager-092308-165331 deleted successfully!
Service centennialclientagent stopped successfully!
Service centennialclientagent deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l moved successfully.
C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l moved successfully.
C:\WINDOWS\system32\HJ82c.exe.b moved successfully.
C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: HP_Administrator
->Temp folder emptied: 31384341 bytes
->Temporary Internet Files folder emptied: 649789 bytes
->Java cache emptied: 636770 bytes
->FireFox cache emptied: 173753805 bytes
->Google Chrome cache emptied: 114963658 bytes
->Flash cache emptied: 473137012 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14093 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15574 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 299218 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 758.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.32.0 log created on 02192012_204248

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\JET9CC3.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d04.dat not found!

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Privatefirewall 7.0
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
Windows Defender
ThreatFire
HijackThis 2.0.2
CCleaner
WinCleaner Memory Optimizer Version 5.2
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.1.102.62
Mozilla Thunderbird (1.5.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Privatefirewall 6.1 pfsvc.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
``````````End of Log````````````


I call bullshit on "out of date" java...
 