Trying to clear out remnants of XP *** 2012 infection

Solved
By rubydreamer
Feb 11, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    It doesn't look like you ran my script.
    Please redo.
  2. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    I think it's not working this time. It's been at the scanning step forever. System isn't frozen and neither is the program. It's just not moving forward. And no, I didn't click the window. Not sure what to do now.
  3. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Restart manually and run the fix from safe mode.
  4. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    Grr typing on tablet is a beast.

    It finally moved on so many hours later.
  5. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Good.
    Be patient.
  6. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    It ran, the entire gamut. And no log file...
  7. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    Why can't someone figure out a way to run Windows in a nice little Linux sandbox environment, so everything can be watched, caught, and smashed ever so prettily in a nice colorful explosion of pixels...

    A girl can always dream I guess...
  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    What exactly happened?
    Remember, I'm not there...
  9. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    It ran slowly at the start, said it needed to reboot...

    Then froze the screen (though mouse moved, nothing else worked)

    Rebooted, figured I would ask, but it went through the normal process (Every stage) then rebooted itself.

    Then when it rebooted into this, it did nothing, never popped up the "preparing log file" thing at all.
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Check for C:\combofix.txt
  11. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    Nothing there. Broken partial log in combofix dir though.

    ComboFix 12-02-11.03 - HP_Administrator 02/15/2012 20:02:42.6.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2739 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

    Rerun?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Yes.
    Re-run from safe mode.
  13. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    During the log prep, the screen blinked out for a second and about half the status bar icons in the lower right just vanished.

    ComboFix 12-02-11.03 - HP_Administrator 02/15/2012 23:38:43.7.6 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2754 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Privatefirewall *Disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB62280$\3114552305
    c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-15 23:26 . 2004-08-04 04:15 64896 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-02-14 01:31 . 2012-02-14 18:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-14 01:23 . 2012-01-24 22:43 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-02-13 01:42 . 2004-08-09 21:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-12 05:26 . 2012-02-12 05:26 -------- d-s---w- c:\windows\Cookies
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2012-02-12 04:37 . 2004-08-04 03:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
    2012-02-09 11:22 . 2012-02-09 11:22 -------- d-----w- C:\found.001
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-04 21:25 . 2012-02-04 21:39 -------- d-----w- c:\program files\Security Task Manager
    2012-02-04 20:16 . 2011-02-22 18:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-02-04 20:16 . 2011-02-22 18:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-02-04 20:16 . 2012-02-04 20:17 -------- d-----w- c:\program files\ThreatFire
    2012-02-04 20:16 . 2012-02-04 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-02 17:40 . 2012-02-02 17:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
    2012-01-29 20:26 . 2012-01-29 21:46 -------- d-----w- c:\program files\Argente - Uninstall Manager
    2012-01-24 22:38 . 2012-01-27 19:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2012-01-24 22:22 . 2012-01-24 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-01-21 06:49 . 2011-11-09 11:21 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-01-21 06:49 . 2010-11-11 23:10 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-01-21 06:49 . 2010-11-11 23:10 100456 ----a-w- c:\windows\system32\drivers\nvhda32.sys
    2012-01-21 06:49 . 2004-08-04 04:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
    2012-01-21 06:49 . 2004-08-04 04:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
    2012-01-21 06:49 . 2004-08-04 04:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2012-01-21 06:49 . 2004-08-04 07:56 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2012-01-21 06:49 . 2004-08-04 05:56 4096 ----a-w- c:\windows\system32\ksuser.dll
    2012-01-21 06:49 . 2004-08-04 05:56 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2012-01-21 06:49 . 2004-03-16 17:58 136960 ----a-w- c:\windows\system32\drivers\portcls.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-26 17:33 . 2011-06-14 01:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-31 07:33 . 2011-12-31 07:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 08:00 . 2011-07-16 23:59 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDM.SYS
    2011-12-23 20:52 . 2011-08-20 00:43 16976 ----a-w- c:\windows\system32\drivers\SSADMDFL.SYS
    2011-12-23 20:52 . 2011-01-19 19:07 16976 ----a-w- c:\windows\system32\drivers\SXUPTP.SYS
    2011-12-23 20:52 . 2010-10-31 22:48 16976 ----a-w- c:\windows\system32\drivers\BT848.SYS
    2011-12-10 20:24 . 2008-07-30 21:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-14 20:01 . 2010-08-06 09:16 1618432 ----a-w- c:\program files\Default Programs Editor.exe
    2006-05-03 09:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-12_03.29.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-16 16:46 . 2012-02-16 16:46 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
    + 2012-02-16 16:46 . 2012-02-16 16:46 16384 c:\windows\Temp\Perflib_Perfdata_5f4.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 88586 c:\windows\system32\perfc009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 88586 c:\windows\system32\perfc009.dat
    + 2004-08-09 21:00 . 2004-08-04 04:15 64896 c:\windows\system32\dllcache\serial.sys
    - 2005-08-30 21:02 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-08-30 21:02 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-30 13:51 . 2012-02-07 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 13:51 . 2012-02-12 20:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-12 05:26 . 2012-02-14 02:18 16384 c:\windows\Cookies\index.dat
    - 2012-02-12 03:24 . 2012-02-12 03:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2012-02-16 16:46 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-12-21 18:41 . 2012-02-16 03:29 278096 c:\windows\system32\pghash.dat
    + 2005-08-30 21:07 . 2012-02-12 04:38 504792 c:\windows\system32\perfh009.dat
    - 2005-08-30 21:07 . 2012-02-12 02:30 504792 c:\windows\system32\perfh009.dat
    - 2004-08-09 21:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
    + 2006-05-05 09:41 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2005-01-20 280064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2012-01-19 8563624]
    "SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2011-04-19 2809856]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
    "Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2011-10-22 3065568]
    "!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2005-01-20 184320]
    "StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Internet\\Cerberus FTP\\Cerberus.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msncall.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Curse\\CurseClient.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Internet\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23327:TCP"= 23327:TCP:BitComet 23327 TCP
    "23327:UDP"= 23327:UDP:BitComet 23327 UDP
    "85:TCP"= 85:TCP:BroadWave Web Server
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "57575:TCP"= 57575:TCP:pando Media Booster
    "57575:UDP"= 57575:UDP:pando Media Booster
    "56833:TCP"= 56833:TCP:pando Media Booster
    "56833:UDP"= 56833:UDP:pando Media Booster
    "19540:UDP"= 19540:UDP:SXUPTP
    "443:UDP"= 443:UDP:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
    "135:TCP"= 135:TCP:DCOM(135)
    "6900:TCP"= 6900:TCP:BitComet 6900 TCP
    "6900:UDP"= 6900:UDP:BitComet 6900 UDP
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [10/5/2009 1:31 PM 3712]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/30/2011 3:45 PM 64512]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2/4/2012 3:16 PM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2/4/2012 3:16 PM 69392]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/13/2012 8:23 PM 242240]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/22/2010 12:46 AM 123856]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/22/2010 12:46 AM 41680]
    R2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [10/24/2009 12:53 AM 1127944]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 4:00 PM 14336]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/19/2011 2:07 PM 152064]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/19/2011 2:07 PM 49152]
    R2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [10/31/2010 5:48 PM 16976]
    R2 DCSPGSRV;DiamondCS Process Guard Service v3.000;c:\program files\ProcessGuard\DCSUserProt.exe [12/20/2011 4:10 PM 69632]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/16/2011 6:58 PM 12184]
    R2 PFNet;Privacyware network service;c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe [10/21/2011 9:57 PM 379328]
    R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [12/5/2010 7:13 PM 354176]
    R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\SXUPTP.SYS [1/19/2011 2:07 PM 16976]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [1/24/2010 11:34 PM 70952]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/21/2012 1:49 AM 100456]
    R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [12/18/2011 7:10 PM 130360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2/4/2012 3:16 PM 33552]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/3/2010 1:56 PM 2127728]
    S1 PDIDRV;PDIDRV; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S2 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe --> c:\progra~1\FASTRE~2\IQWebFTPServerEngine.exe [?]
    S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/19/2011 7:43 PM 30312]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2010 5:51 PM 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [7/17/2010 2:02 AM 24576]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/20/2011 10:31 AM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [6/20/2011 10:31 AM 15232]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [4/30/2011 7:00 AM 42648]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [4/30/2011 7:00 AM 12184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 7:01 PM 42512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 npkycryp;npkycryp; [x]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [8/4/2011 2:27 AM 86016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [1/19/2011 12:08 PM 590080]
    S3 SjyPkt;SjyPkt; [x]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/19/2011 7:43 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\SSADMDFL.SYS [8/19/2011 7:43 PM 16976]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\SSADMDM.SYS [8/19/2011 7:43 PM 16976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
    S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    S4 sptd;sptd;c:\windows\system32\drivers\SPTD.SYS [11/11/2006 1:54 AM 16976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PGFILTER
    *Deregistered* - mchInjDrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MRESP50a64
    wps
    MSFWDrv
    point32
    MTC0001_ESB
    se59mgmt
    queuemgr
    cmdmon
    Nsynas32
    mirrorv3
    GTPTSER
    x10nets
    houdinilicenseserver
    sfhlp02
    mgabgexe
    int15
    wmconnectcds
    issimon
    NWFILTER
    s116nd5
    lusbaudio
    clmtomcatstartersvc
    foldersize
    ikfilesec
    centennialclientagent
    SaiH040B
    imap4d32
    nmindexingservice
    pclepci
    CAM1210
    portmapper
    lxbx_device
    dwusbdnt
    mcusrmgr
    SQTECH9080
    s117mdm
    iPassPeriodicUpdateApp
    SMCB000
    sthda
    st330service
    icraplus
    com0com
    lxbt_device
    cpqnicmgmt
    SaiNtHid
    toscosrv
    NuidFltr
    k56
    infrastructure
    vwlogger
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-01-19 20:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 22:51]
    .
    2012-02-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-02-12 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 21:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &D&ownload &with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\Internet\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by NetXfer - c:\program files\Internet\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files\Internet\NetXfer\NXAddLink.html
    IE: Free YouTube Download - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{A3A0268C-3146-431d-84EE-2789B750ABD2} - {4E2E9E0B-6C23-45e9-A8A3-6A5581779451} - c:\program files\Bubbles\BubblesHBO.dll
    Trusted Zone: trymedia.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Internet\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Internet\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: Link Alert: linkalert.conlan@addons.mozilla.com - %profile%\extensions\linkalert.conlan@addons.mozilla.com
    FF - Ext: VacuumPlaces Extension: VacuumPlaces@revertron.com - %profile%\extensions\VacuumPlaces@revertron.com
    FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    FF - Ext: AvantGarde Rosepetal: {9f94fab0-58a2-11dd-ae16-0800200c9a66} - %profile%\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Show my Password: {cd617372-6743-4ee4-bac4-fbf60f35719e} - %profile%\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Better Facebook!: betterfacebook@mattkruse.com - %profile%\extensions\betterfacebook@mattkruse.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-16 11:49
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.dtsoftbus01]
    "ImagePath"="\?"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\mc22.tmp"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\SecuROM\License information*]
    "datasecu"=hex:56,6a,f9,4a,a2,74,63,e0,5a,b2,45,7b,2d,a8,b5,b1,a5,61,80,30,ec,
    fd,11,38,6a,03,80,0d,de,c9,ca,7e,8e,96,76,21,57,e0,db,41,fb,69,67,95,2f,13,\
    "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*2*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI2"
    .
    [HKEY_LOCAL_MACHINE\software\’t*’0 ’ ’X*’p*’ \’0 ’O*’i*’*’N*’o*’g*’9 ’I*’t*’0 ’C*’  Ç*0 Á*’V*’i*’`’I*3*]
    "ShortcutName"="ƒ‰ƒOƒiƒƒNƒoƒgƒ‹ƒIƒtƒ‰ƒCƒ“’ljÁƒVƒiƒŠƒI3"
    DUMPHIVE0.003 (REGF)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(576)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'lsass.exe'(852)
    c:\program files\ThreatFire\TFWAH.dll
    .
    - - - - - - - > 'explorer.exe'(3764)
    c:\program files\ThreatFire\TfWah.dll
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\windows\system32\MSWSOCK.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\program files\ThreatFire\TFNI.dll
    c:\windows\system32\WSOCK32.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\windows\arservice.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\ThreatFire\TFService.exe
    c:\program files\tbh\base\bin\tbhDaemon.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\hp\KBD\KBD.EXE
    c:\windows\system32\wscntfy.exe
    c:\windows\system\hpsysdrv.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    c:\program files\DISC\DiscUpdMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-16 12:01:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-16 17:01
    ComboFix2.txt 2012-02-14 18:43
    ComboFix3.txt 2012-02-14 02:42
    ComboFix4.txt 2012-02-12 05:26
    ComboFix5.txt 2012-02-15 20:28
    .
    Pre-Run: 45,299,945,472 bytes free
    Post-Run: 45,134,774,272 bytes free
    .
    - - End Of File - - 611AE5DF71652BFBACE1FFE9D8612E44
  14. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    OTL is 230 KB
    Extras is 90 KB

    Should I just split them up, or do via attachment?
  16. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Split please....
  17. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    OTL logfile created on: 2/16/2012 2:58:14 PM - Run 1
    OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 72.73% Memory free
    7.09 Gb Paging File | 6.25 Gb Available in Paging File | 88.24% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 289.23 Gb Total Space | 41.94 Gb Free Space | 14.50% Space Free | Partition Type: NTFS
    Drive D: | 8.83 Gb Total Space | 0.61 Gb Free Space | 6.87% Space Free | Partition Type: FAT32
    Drive E: | 292.96 Gb Total Space | 291.94 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
    Drive J: | 638.55 Gb Total Space | 352.65 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
    Drive K: | 115.83 Gb Total Space | 23.11 Gb Free Space | 19.95% Space Free | Partition Type: NTFS

    Computer Name: ELENGIL | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
    PRC - [2012/02/15 22:42:44 | 000,388,608 | R--- | M] (Microsoft Corporation) -- C:\ComboFix\CF5325.3XE
    PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2012/01/19 16:10:32 | 008,563,624 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
    PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    PRC - [2011/10/21 21:56:58 | 003,065,568 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/06/23 18:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2011/06/17 02:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    PRC - [2011/04/19 09:07:10 | 002,809,856 | ---- | M] (SplitCam Co.) -- C:\Program Files\SplitCam\SplitCam.exe
    PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
    PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    PRC - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
    PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    PRC - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
    PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
    PRC - [2008/11/18 00:15:14 | 000,417,136 | R--- | M] (Sysinternals) -- C:\ComboFix\handle.3XE
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/09/16 09:55:14 | 000,397,312 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    PRC - [2006/07/07 11:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
    PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
    PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2005/02/01 18:28:12 | 001,469,952 | ---- | M] (Hagel Technologies) -- C:\Program Files\DU Meter\DUMeter.exe
    PRC - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
    PRC - [2005/01/20 14:24:02 | 000,280,064 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
    PRC - [2005/01/20 14:14:10 | 000,184,320 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
    MOD - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
    MOD - [2012/01/18 14:48:08 | 000,008,624 | ---- | M] () -- C:\Program Files\Innovative Solutions\DriverMax\sync.dll
    MOD - [2011/06/23 18:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    MOD - [2011/03/25 06:25:12 | 003,668,992 | ---- | M] () -- C:\Program Files\SplitCam\DSFilters\Decoding\ffdshow.ax
    MOD - [2011/03/11 10:06:28 | 000,958,464 | ---- | M] () -- C:\Program Files\SplitCam\cxcore110.dll
    MOD - [2011/03/11 10:06:28 | 000,876,544 | ---- | M] () -- C:\Program Files\SplitCam\cv110.dll
    MOD - [2011/03/11 10:06:28 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/11/10 10:37:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3548b262\mscorlib.dll
    MOD - [2010/11/10 10:37:07 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a16b8162\system.drawing.dll
    MOD - [2010/11/10 10:36:54 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a54c19c5\system.windows.forms.dll
    MOD - [2010/11/10 10:36:45 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_72096808\system.dll
    MOD - [2010/11/10 10:36:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
    MOD - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    MOD - [2010/02/05 13:14:43 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
    MOD - [2006/10/22 10:41:52 | 000,235,520 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
    MOD - [2006/09/16 09:56:40 | 000,133,120 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
    MOD - [2006/09/16 09:51:08 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
    MOD - [2006/09/16 09:51:06 | 000,010,752 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\windows-1252.so
    MOD - [2006/09/16 09:51:06 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\utf-8.so
    MOD - [2006/08/19 16:59:49 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2006/08/19 16:59:48 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2006/05/13 23:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
    MOD - [2005/08/02 18:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
    MOD - [2004/08/09 16:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2004/08/09 16:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
    MOD - [2004/08/09 16:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2004/08/09 16:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2003/05/07 20:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll
    MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Auto | Stopped] -- -- (NFService)
    SRV - File not found [Auto | Stopped] -- -- (imap4d32)
    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
    SRV - File not found [Auto | Stopped] -- -- (centennialclientagent)
    SRV - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
    SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
    SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/06/17 02:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
    SRV - [2010/09/13 16:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2010/04/26 18:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
    SRV - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
    SRV - [2007/05/04 09:00:12 | 005,701,632 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
    SRV - [2006/09/29 05:56:44 | 000,574,976 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\Internet\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\dcsuserprot.exe -- (DCSPGSRV)
    SRV - [2004/08/09 16:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\w810bus.dll -- (SaiH040B)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012/01/24 17:43:30 | 000,242,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SXUPTP.SYS -- (sxuptp)
    DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDM.SYS -- (ssadmdm)
    DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDFL.SYS -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
    DRV - [2011/09/15 15:23:30 | 000,130,360 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2011/07/20 02:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2011/07/20 02:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/30 07:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2011/04/30 07:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2011/04/30 07:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2011/04/30 07:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2011/04/30 07:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2011/04/30 06:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:54 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/11 18:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/08/04 21:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2010/03/25 20:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2010/03/25 20:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
    DRV - [2009/11/25 19:12:00 | 000,354,176 | ---- | M] (TrueCrypt Foundation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\supersafer.sys -- (supersafer)
    DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
    DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 03:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/09/16 15:30:24 | 000,590,080 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/08/03 21:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/05/24 13:03:54 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2007/06/28 19:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
    DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
    DRV - [2007/02/06 11:27:02 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2006/06/27 22:15:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2006/06/14 06:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/10 19:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
    DRV - [2005/06/29 12:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2005/04/04 11:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\VFD\vfd.sys -- (VirtualFD)
    DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/01/01 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/08/09 16:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 02:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
    DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.81
    FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
    FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.10
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.1
    FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.9
    FF - prefs.js..extensions.enabledItems: {d4330680-c0ae-4226-8a21-0afe2fd1ac24}:3.8.0.8

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2007/08/09 10:16:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2009/06/15 03:44:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2009/08/24 03:32:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox 3\components [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox 3\plugins [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/06/07 14:17:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/06/07 14:15:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]

    [2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2010/08/30 13:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Pink Paula / PP 2") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
    [2008/09/22 06:21:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2008/07/30 12:39:25 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2008/08/01 13:54:22 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2008/09/02 18:37:29 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    [2008/09/22 06:21:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("IE Tab") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2008/07/30 12:39:12 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    [2008/09/22 06:21:38 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2008/06/06 22:35:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/08/30 13:04:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2008/07/30 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Daisy") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{C985DAC8-338E-11DB-8AF6-B622A1EF5492}
    [2008/06/19 10:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2008/06/19 10:15:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2008/06/19 10:15:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2008/09/22 06:21:38 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Ctrl Tab Preview") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Firebug") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\firebug@software.joehewitt.com
    [2008/05/24 16:47:03 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\linkalert.conlan@addons.mozilla.com
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Video Download") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\piraton@enchufados.net
    [2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\videodowloader@videodownloader.net
    [2007/03/14 12:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se\chrome
    [2012/01/31 23:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions
    [2009/09/07 12:52:35 | 000,000,000 | ---D | M] ("Pink Paula / PP 3.5.1") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
    [2008/10/13 00:11:50 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
    [2011/09/09 23:33:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/04/26 23:31:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2011/06/28 16:03:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2009/07/28 01:14:33 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    [2010/12/19 14:25:45 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    [2011/06/28 16:04:27 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2011/09/09 23:33:55 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    [2009/09/28 21:30:28 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
    [2012/01/05 10:09:35 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    [2011/09/09 23:33:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/06/06 07:36:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2010/04/26 23:31:49 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    [2010/05/12 23:38:50 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    [2009/08/31 07:20:37 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
    [2011/08/10 21:01:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/12/19 14:25:48 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/08/30 13:04:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2011/11/13 14:52:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2011/11/13 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2011/10/29 15:43:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/08/10 21:01:34 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2011/09/09 23:33:57 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2010/10/16 15:42:01 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
    [2011/08/10 21:01:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/12/19 14:25:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/06/28 16:04:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011/08/13 04:48:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/09/09 23:34:03 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\betterfacebook@mattkruse.com
    [2011/08/10 21:01:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\DeviceDetection@logitech.com
    [2010/05/12 23:38:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\firebug@software.joehewitt.com
    [2011/09/09 23:34:02 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\lazarus@interclue.com
    [2011/06/28 16:03:34 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\linkalert.conlan@addons.mozilla.com
    [2012/01/05 10:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\staged-xpis
    [2009/10/04 11:30:26 | 000,000,000 | ---D | M] (VacuumPlaces Extension) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\VacuumPlaces@revertron.com
    [2011/06/28 16:03:47 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\weatherwatcherlive@singerscreations.com
    [2010/05/12 23:38:52 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\webmaster@keep-tube.com
    [2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\SeaMonkey\Profiles\7tyw5yzt.default\extensions
    [2012/02/04 15:12:54 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
  18. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npBitCometAgent.dll
    CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npvirtools.dll
    CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npWebLaunch.dll
    CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Super Mario Bros. Crossover = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeecbbkpegiknjlkklkajceokkdgipbm\2.1_0\
    CHR - Extension: Lord of Ultima = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.11_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Poppit = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

    O1 HOSTS File: ([2012/02/16 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - Reg Error: Value error. File not found
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Internet\NetXfer\NXToolBar.dll (Xi)
    O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
    O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
    O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe (SplitCam Co.)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Internet\NetXfer\NXAddList.html ()
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Internet\NetXfer\NXAddLink.html ()
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Bubble This URL - {A3A0268C-3146-431d-84EE-2789B750ABD2} - C:\Program Files\Bubbles\BubblesHBO.dll (3D3R)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/19 17:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2011/08/06 01:11:04 | 000,000,000 | ---D | M] - J:\Autohotkey -- [ NTFS ]
    O32 - AutoRun File - [2006/05/26 12:25:18 | 000,712,704 | ---- | M] () - K:\AutoRAR.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: MRESP50a64 - File not found
    NetSvcs: wps - File not found
    NetSvcs: MSFWDrv - File not found
    NetSvcs: point32 - File not found
    NetSvcs: MTC0001_ESB - File not found
    NetSvcs: se59mgmt - File not found
    NetSvcs: queuemgr - File not found
    NetSvcs: cmdmon - File not found
    NetSvcs: Nsynas32 - File not found
    NetSvcs: mirrorv3 - File not found
    NetSvcs: GTPTSER - File not found
    NetSvcs: x10nets - File not found
    NetSvcs: houdinilicenseserver - File not found
    NetSvcs: sfhlp02 - File not found
    NetSvcs: mgabgexe - File not found
    NetSvcs: int15 - File not found
    NetSvcs: wmconnectcds - File not found
    NetSvcs: issimon - File not found
    NetSvcs: NWFILTER - File not found
    NetSvcs: s116nd5 - File not found
    NetSvcs: lusbaudio - File not found
    NetSvcs: clmtomcatstartersvc - File not found
    NetSvcs: foldersize - File not found
    NetSvcs: ikfilesec - File not found
    NetSvcs: centennialclientagent - File not found
    NetSvcs: SaiH040B - C:\WINDOWS\system32\w810bus.dll (Oak Technology Inc.)
    NetSvcs: imap4d32 - File not found
    NetSvcs: nmindexingservice - File not found
    NetSvcs: pclepci - File not found
    NetSvcs: CAM1210 - File not found
    NetSvcs: portmapper - File not found
    NetSvcs: lxbx_device - File not found
    NetSvcs: dwusbdnt - File not found
    NetSvcs: mcusrmgr - File not found
    NetSvcs: SQTECH9080 - File not found
    NetSvcs: s117mdm - File not found
    NetSvcs: iPassPeriodicUpdateApp - File not found
    NetSvcs: SMCB000 - File not found
    NetSvcs: sthda - File not found
    NetSvcs: st330service - File not found
    NetSvcs: icraplus - File not found
    NetSvcs: com0com - File not found
    NetSvcs: lxbt_device - File not found
    NetSvcs: cpqnicmgmt - File not found
    NetSvcs: SaiNtHid - File not found
    NetSvcs: toscosrv - File not found
    NetSvcs: NuidFltr - File not found
    NetSvcs: k56 - File not found
    NetSvcs: infrastructure - File not found
    NetSvcs: vwlogger - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.D263 - C:\WINDOWS\System32\xl_x263dec.dll (Xirlink, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/16 13:49:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2012/02/16 12:01:36 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2012/02/15 22:43:02 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/12 00:26:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
    [2012/02/11 23:17:52 | 004,402,217 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2012/02/11 20:58:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/02/11 20:52:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/11 20:52:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/11 20:52:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/11 20:52:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/11 20:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/02/11 20:52:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/09 06:22:28 | 000,000,000 | ---D | C] -- C:\found.001
    [2012/02/04 16:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2012/02/04 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/02/04 15:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
    [2012/02/04 15:16:59 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
    [2012/02/04 15:16:59 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
    [2012/02/04 15:16:59 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
    [2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
    [2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/02/03 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Threats
    [2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
    [2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatExpert Memory Scanner
    [2012/01/29 15:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Argente - Uninstall Manager
    [2012/01/29 15:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Argente - Uninstall Manager
    [2012/01/26 03:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
    [2012/01/24 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools Lite
    [2012/01/24 17:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2010/08/06 04:16:53 | 001,618,432 | ---- | C] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/16 14:52:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/16 14:52:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2012/02/16 12:02:32 | 000,001,226 | ---- | M] () -- C:\WINDOWS\SplitCam.INI
    [2012/02/16 12:01:36 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2012/02/16 11:49:46 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2012/02/16 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/16 11:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/16 11:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2012/02/16 11:45:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2012/02/15 22:41:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/15 22:29:31 | 000,278,096 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
    [2012/02/15 20:29:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/02/14 13:54:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
    [2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012/02/11 23:38:33 | 000,504,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/11 23:38:32 | 000,088,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
    [2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2012/02/11 19:52:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
    [2012/02/06 22:24:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012/02/06 22:24:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012/02/06 22:17:57 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
    [2012/02/06 22:10:05 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2012/02/06 22:07:09 | 088,369,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/02/05 00:04:01 | 000,335,823 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/02/04 15:21:40 | 000,272,096 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
    [2012/02/04 15:17:01 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2012/01/26 22:13:01 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/01/26 22:13:01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/01/24 17:43:30 | 000,242,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2012/01/24 03:08:32 | 000,000,039 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
    [2012/01/21 01:38:42 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverMax.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/15 23:34:09 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/13 20:31:37 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/02/13 20:23:35 | 000,242,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2012/02/13 19:45:10 | 000,336,993 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
    [2012/02/11 20:52:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/11 20:52:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/11 20:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/11 20:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/11 20:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/11 19:52:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
    [2012/02/06 22:17:38 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
    [2012/02/04 15:17:01 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
    [2012/01/25 18:19:23 | 000,001,226 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
    [2012/01/24 03:08:30 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
    [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
    [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
    [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
    [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
    [2011/12/21 13:41:21 | 000,278,096 | ---- | C] () -- C:\WINDOWS\System32\pghash.dat
    [2011/12/21 13:41:20 | 000,272,096 | ---- | C] () -- C:\WINDOWS\System32\pguard.dat
    [2011/12/20 16:10:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\procguard.dll
    [2011/12/18 19:10:03 | 000,000,146 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/12/16 15:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJ82c.exe.b
    [2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
    [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
    [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
    [2011/10/14 01:04:26 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.freeciv-client-rc-2.3
    [2011/08/20 00:16:09 | 000,267,614 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/08/16 05:16:24 | 000,337,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3220704123-1705262036-168104783-1007-0.dat
    [2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/07/03 15:47:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/07/03 15:47:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/06/30 16:22:07 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2011/04/20 17:19:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddiwezipahal.dat
    [2011/04/20 17:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ksuzebic.bin
    [2010/12/16 06:06:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\setup_ldm.iss
    [2010/12/05 20:12:55 | 000,042,535 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2010/12/05 19:13:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SuperSafer.cfg
    [2010/12/05 19:13:08 | 002,771,968 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_custom.dll
    [2010/12/05 19:13:08 | 001,163,776 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_custom.dll
    [2010/12/05 19:13:08 | 000,681,472 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_custom.dll
    [2010/12/05 19:13:08 | 000,492,032 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_custom.dll
    [2010/12/05 19:13:08 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_custom.dll
    [2010/12/05 19:13:08 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_custom.dll
    [2010/12/05 19:13:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_custom.dll
    [2010/12/05 19:13:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\verify.dll
    [2010/12/05 19:13:08 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\config.dll
    [2010/12/03 13:58:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2010/12/03 13:58:47 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2010/12/03 13:58:44 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2010/12/03 13:58:44 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2010/12/03 13:56:42 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/12/03 13:44:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
    [2010/12/03 13:44:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2010/12/03 13:44:02 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
    [2010/12/03 13:43:52 | 000,033,790 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2010/12/03 13:43:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2010/12/03 13:12:20 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/12/03 13:12:18 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/12/03 13:12:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/12/03 12:53:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/10 10:44:49 | 000,266,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/10/20 03:40:01 | 000,102,038 | ---- | C] () -- C:\WINDOWS\System32\HCW848UN.EXE
    [2010/10/20 03:13:29 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2010/09/15 03:34:39 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/08/28 02:18:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/08/28 02:18:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/08/28 02:18:28 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/07/26 18:22:18 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
    [2010/06/18 14:42:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FFS20ChtReg.ini
    [2010/05/23 15:13:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/04/21 00:16:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/01/30 01:20:02 | 000,000,430 | ---- | C] () -- C:\WINDOWS\Memory.ini
    [2010/01/30 01:17:31 | 000,000,361 | ---- | C] () -- C:\WINDOWS\MasMind.INI
    [2009/12/29 08:01:05 | 000,004,620 | ---- | C] () -- C:\WINDOWS\XChange.dat
    [2009/12/25 18:22:41 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/12/06 01:46:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/11/07 16:23:36 | 000,000,279 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
    [2009/11/07 16:22:56 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TTT.INI
    [2009/11/07 16:22:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\pmachine.ini
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/08/31 05:59:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\othello.ini
    [2009/08/31 05:56:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
    [2009/07/31 22:57:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2009/07/31 21:43:51 | 001,377,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\speech.wav
    [2009/07/02 03:37:07 | 000,003,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\springsettings.cfg
    [2009/07/01 15:04:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/04/20 23:32:39 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\MPQEditor.ini
    [2009/04/09 04:35:45 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
    [2009/03/25 02:10:00 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/03/25 02:10:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/03/24 05:41:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/03/20 06:47:41 | 000,004,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Cosmos Prefs
    [2009/03/17 23:07:43 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
    [2009/03/07 08:54:47 | 000,019,840 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
    [2009/03/04 20:01:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2009/01/20 12:43:35 | 000,005,292 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
    [2008/12/03 11:57:29 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2008/12/03 11:57:28 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
    [2008/10/29 03:16:02 | 000,088,456 | ---- | C] () -- C:\WINDOWS\Network Measurement Agent Uninstaller.exe
    [2008/10/12 23:56:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
    [2008/10/11 18:53:40 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WinBIN2ISO.INI
    [2008/09/07 19:52:55 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\WavCodec.wff
    [2008/08/19 21:46:41 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2008/05/21 05:30:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TSW12.INI
    [2008/05/12 17:46:11 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ROPatch.ini
    [2008/04/21 03:26:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sprview.dll
    [2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
    [2008/02/07 06:56:54 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2007/09/26 13:16:55 | 000,308,928 | ---- | C] () -- C:\WINDOWS\System32\ivflt08.dll
    [2007/09/26 13:16:55 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ivbas08.dll
    [2007/09/19 23:50:09 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2007/08/19 15:11:59 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
    [2007/07/25 23:15:41 | 000,000,626 | ---- | C] () -- C:\WINDOWS\roughdraft.INI
    [2007/06/28 19:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/03/31 23:40:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Mp3Decode.INI
    [2007/03/21 21:21:10 | 000,703,258 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2007/03/21 21:21:10 | 000,003,381 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2007/03/03 21:13:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\settings.ini
    [2007/02/18 05:33:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2007/02/05 11:11:36 | 000,007,725 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
    [2007/01/18 02:46:39 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Sta2.INI
    [2006/11/13 00:09:16 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\TFSFILE5.DAT
    [2006/11/06 03:44:43 | 000,004,929 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/11/06 01:11:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2006/11/06 00:56:25 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/05 22:09:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/11/05 21:04:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/08/19 18:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/19 17:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/08/19 17:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/08/19 17:41:13 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/08/19 17:29:45 | 000,004,567 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/19 17:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/08/19 17:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/08/19 17:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/08/19 17:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/19 17:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll.hcw
    [2006/08/19 17:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/19 17:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/19 17:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/08/19 16:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/08/19 16:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/08/19 16:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/08/04 19:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
    [2006/06/27 22:15:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2006/06/16 06:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/11/07 17:32:46 | 003,088,384 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.dll
    [2005/11/04 21:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
    [2005/08/30 16:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/30 16:07:46 | 000,504,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/30 16:07:46 | 000,088,586 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/30 16:05:30 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/30 16:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 15:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/08/09 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/09 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/09 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/09 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/09 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/09 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/09 16:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/09 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 02:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2003/07/25 00:23:32 | 001,000,583 | ---- | C] () -- C:\WINDOWS\System32\gnet-1.1.dll
    [2002/12/12 22:24:04 | 000,653,824 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
    [2001/08/23 03:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 03:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
  19. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    ========== LOP Check ==========

    [2011/01/19 14:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
    [2012/01/07 17:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/01/19 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
    [2011/01/02 05:20:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/01/24 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2006/08/19 17:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2011/05/23 16:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
    [2011/07/29 01:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2011/02/10 01:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2007/04/02 04:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
    [2007/03/14 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Handy Software Lab
    [2010/07/17 02:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
    [2010/12/05 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2008/02/28 07:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2011/02/10 02:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/04/10 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/01/29 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2011/01/07 14:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2009/09/09 01:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
    [2011/02/10 02:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/08/04 02:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2011/01/07 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2011/12/18 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2009/06/25 09:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
    [2011/08/19 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2012/02/04 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/02/13 15:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE
    [2010/12/05 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
    [2009/07/02 03:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spring
    [2010/07/17 02:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2007/12/09 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2011/02/10 02:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2006/11/06 03:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2006/12/25 00:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2011/05/25 12:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
    [2011/11/13 14:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2011/04/20 18:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Thunderbird
    [2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/02/12 00:23:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/02/16 11:45:56 | 000,030,729 | ---- | M] () -- C:\aaw7boot.log
    [2006/08/19 17:40:56 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/05/19 03:22:41 | 000,000,061 | ---- | M] () -- C:\Avi2Dvd_Log.txt
    [2012/01/03 03:54:54 | 000,000,325 | ---- | M] () -- C:\Boot.bak
    [2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
    [2012/02/11 19:57:19 | 000,068,122 | ---- | M] () -- C:\bootkit_remover_debug_log.txt
    [2010/10/20 03:42:47 | 120,334,472 | ---- | M] () -- C:\CAPTURE.AVI
    [2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/02/16 12:01:27 | 000,033,975 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/30 16:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/06/20 11:13:46 | 000,000,230 | ---- | M] () -- C:\config.xml
    [2007/04/03 00:02:17 | 000,001,701 | ---- | M] () -- C:\Current.m3u
    [2009/02/16 09:34:15 | 000,000,000 | ---- | M] () -- C:\dbg_log.txt
    [2008/01/28 01:58:21 | 000,000,980 | ---- | M] () -- C:\demux.log
    [2010/08/12 01:39:59 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/06/18 14:51:00 | 000,025,214 | ---- | M] () -- C:\favicon.ico
    [2010/12/21 03:56:26 | 000,657,070 | ---- | M] () -- C:\FileList.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/10/20 03:39:20 | 000,016,743 | ---- | M] () -- C:\hcwclear.txt
    [2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/19 17:48:33 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
    [2007/01/04 21:07:37 | 000,036,918 | ---- | M] () -- C:\img.BMP
    [2009/06/24 18:32:38 | 000,003,148 | ---- | M] () -- C:\init_data.xml
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/05/09 11:15:35 | 000,918,016 | ---- | M] () -- C:\libiconv-2.dll
    [2009/05/09 11:15:35 | 000,076,800 | ---- | M] () -- C:\libintl-8.dll
    [2009/09/09 02:07:35 | 225,951,718 | ---- | M] () -- C:\log_fs.log
    [2009/05/09 11:15:35 | 000,135,680 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\magic1.dll
    [2011/12/21 02:39:20 | 000,000,000 | ---- | M] () -- C:\Malware
    [2009/05/09 11:15:33 | 000,005,694 | ---- | M] () -- C:\matroskalogo_big.ico
    [2009/05/09 11:15:34 | 002,244,096 | ---- | M] () -- C:\mkvextract.exe
    [2009/05/09 11:15:34 | 001,447,936 | ---- | M] () -- C:\mkvinfo.exe
    [2009/05/09 11:15:35 | 004,721,664 | ---- | M] () -- C:\mkvmerge.exe
    [2009/05/09 11:15:35 | 002,660,864 | ---- | M] () -- C:\mmg.exe
    [2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/09 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/09 16:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012/02/16 11:45:59 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/31 17:34:05 | 000,000,093 | ---- | M] () -- C:\Prodinfo.txt
    [2008/06/11 02:59:40 | 000,000,143 | ---- | M] () -- C:\rapidhacker.dll
    [2009/05/09 11:15:35 | 000,079,360 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\regex2.dll
    [2007/05/19 03:13:00 | 000,000,020 | ---- | M] () -- C:\rules.qdb
    [2007/05/19 03:25:46 | 000,000,000 | ---- | M] () -- C:\s18c
    [2006/11/06 13:34:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2006/11/06 13:34:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2006/11/18 06:13:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2006/12/11 02:31:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/02/05 02:58:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/12/18 15:15:35 | 000,074,914 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_18.12.2011_15.10.46_log.txt
    [2007/05/27 06:53:13 | 000,002,804 | ---- | M] () -- C:\tempsend.dzk
    [2009/01/20 22:33:56 | 000,021,004 | ---- | M] () -- C:\TEMP_BDT.CHA
    [2008/04/20 00:23:22 | 000,000,004 | ---- | M] () -- C:\test.raw
    [2008/04/20 00:20:40 | 000,017,136 | ---- | M] () -- C:\testpath.raw
    [2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
    [2010/10/20 02:47:19 | 000,000,350 | ---- | M] () -- C:\updatedatfix.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2009/05/09 11:15:35 | 001,369,088 | ---- | M] () -- C:\wxbase28u_gcc_custom.dll
    [2009/05/09 11:15:35 | 003,418,624 | ---- | M] () -- C:\wxmsw28u_core_gcc_custom.dll
    [2009/05/09 11:15:35 | 000,538,624 | ---- | M] () -- C:\wxmsw28u_html_gcc_custom.dll
    [2009/05/09 11:15:35 | 000,075,264 | ---- | M] (Zlib) -- C:\zlib1.dll
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 05:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2005/08/30 16:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/08/03 01:24:50 | 000,208,896 | ---- | M] (Space Sciences Laboratory) -- C:\WINDOWS\boinc.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/02/14 15:01:50 | 001,618,432 | ---- | M] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/30 08:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/08/30 08:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/08/30 08:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/08/30 16:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2008/07/30 00:33:11 | 000,000,178 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.ini

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/11/05 21:09:21 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/07/02 16:25:44 | 001,545,216 | ---- | M] (Maël Hörz) -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.exe
    [2005/08/30 16:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
    [2011/04/29 23:08:07 | 251,426,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\metalassault_us_installer_20110429.exe
    [2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2012/01/03 03:16:39 | 000,212,415 | ---- | M] (Paul Watson) -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.exe
    [2010/12/12 20:04:49 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vlc-1.1.5-win32.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/09 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/11/05 21:08:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini
    [2010/05/08 16:58:22 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/02/16 14:50:49 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/09 16:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/09 16:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 19:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 19:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/03 19:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 19:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 19:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 19:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 19:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 19:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 04:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
    [2001/02/01 16:10:20 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  20. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    Extras file won't post...

    You have included 8 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code [​IMG]
  21. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Attach Extras.txt log.

    You didn't say:
  22. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    Computer seems to be doing ok, still getting popups, and AVG seems to be neutered (tray icon is there, but it's not reporting any of its services working...)

    Attached Files:

  23. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Uninstall AVG using AVG Remover: http://www.avg.com/us-en/utilities
    Install fresh copy.

    When exactly do those pop-ups happen?
    While using browser? Which one?
    If all browsers are closed?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
      SRV - File not found [Auto | Stopped] -- -- (NFService)
      SRV - File not found [Auto | Stopped] -- -- (imap4d32)
      SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
      SRV - File not found [Auto | Stopped] -- -- (centennialclientagent)
      IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
      O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      [2012/02/14 13:54:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
      [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
      [2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
      [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
      [2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
      [2011/12/16 15:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJ82c.exe.b
      [2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
      [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
      [2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  24. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41

    The popups were random (and so far haven't popped back up, but I'm suspicious since they have gone days w/o one)
    Any browser, but pop up in Firefox (default)
    Not sure, I rarely had no browser open.




    On Preparing Done! in Security Check, it errors with netsh.exe

    The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

    Dunno if this is an issue, so waiting to see if I should go forward anyway (it did pop up a log of sorts regardless)



    All processes killed
    ========== OTL ==========
    Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
    Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
    Service NFService stopped successfully!
    Service NFService deleted successfully!
    Service imap4d32 stopped successfully!
    Service imap4d32 deleted successfully!
    Service GoogleDesktopManager-092308-165331 stopped successfully!
    Service GoogleDesktopManager-092308-165331 deleted successfully!
    Service centennialclientagent stopped successfully!
    Service centennialclientagent deleted successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
    C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l moved successfully.
    C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l moved successfully.
    C:\WINDOWS\system32\HJ82c.exe.b moved successfully.
    C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat moved successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
    C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56502 bytes

    User: HP_Administrator
    ->Temp folder emptied: 31384341 bytes
    ->Temporary Internet Files folder emptied: 649789 bytes
    ->Java cache emptied: 636770 bytes
    ->FireFox cache emptied: 173753805 bytes
    ->Google Chrome cache emptied: 114963658 bytes
    ->Flash cache emptied: 473137012 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 14093 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 15574 bytes

    %systemdrive% .tmp files removed: 14648 bytes
    %systemroot% .tmp files removed: 299218 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 158734 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 758.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Java cache emptied: 0 bytes

    User: LocalService
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.32.0 log created on 02192012_204248

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\JET9CC3.tmp not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d04.dat not found!

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 2 x86
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2012
    ESET Online Scanner v3
    Privatefirewall 7.0
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Spybot - Search & Destroy
    Windows Defender
    ThreatFire
    HijackThis 2.0.2
    CCleaner
    WinCleaner Memory Optimizer Version 5.2
    Java(TM) 6 Update 31
    Out of date Java installed!
    Adobe Flash Player 11.1.102.62
    Mozilla Thunderbird (1.5.0) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ThreatFire TFTray.exe
    ThreatFire TFService.exe
    Privatefirewall 6.1 pfsvc.exe
    Privacyware Privatefirewall 7.0 PFGUI.exe
    ``````````End of Log````````````


    I call bullshit on "out of date" java...
  25. rubydreamer

    rubydreamer Newcomer, in training Topic Starter Posts: 41


