TechSpot

XP Antivirus 2012 and other Malware

By Sammy22
Dec 16, 2011
  1. For the past month or so, I have been battling some malware and virus issues that include the faux XP Antivirus notification. I believe there was also an issue with netbt.sys. AVG Antivirus, Avast, and Malware Bytes have done a decent job of limiting damage, but the problems continue. The impacts include; computer shutting off randomly, slower system performance, and hijacked applications.

    Logs to follow shortly...
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8354

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    12/15/2011 8:23:56 PM
    mbam-log-2011-12-15 (20-23-56).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 366302
    Time elapsed: 2 hour(s), 23 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (3f) Good: (exefile) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\fname lname\AppData\Local\vdq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

    ***********************************

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-15 21:09:03
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO
    Running: 1sn30pcr.exe; Driver: C:\Users\RYANRE~1\AppData\Local\Temp\pxlyyuow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FE2C7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  4. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by FName LName at 22:41:57 on 2011-12-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1575 [GMT -5:00]
    .
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\sttray.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
    mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [googletalk] c:\users\fname lname\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [HostManager] c:\program files\common files\aol\1230828047\ee\AOLSoftware.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    StartupFolder: c:\users\fnamere~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&apn_uid=7B01D6FA-80C1-4DAB-A5B8-1DC6210949C9&apn_ptnrs=GG&apn_sauid=235D3102-95C0-41F7-8F76-684365DD26C4&apn_dtid=YYYYYYB3US&q=
    FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
    FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
    FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\fname lname\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\fname lname\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\fname lname\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\fname lname\appdata\roaming\Move Networks
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-29 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-29 314456]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-29 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-29 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-29 44768]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-4 366152]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
    R3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\JakNDis.sys [2010-10-26 28256]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-4 22216]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-7 167264]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-23 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
    S3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2010-10-26 28256]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-16 01:53:54 -------- d-----w- c:\users\fname lname\appdata\local\{ADE71AE9-9B4D-46A5-B134-F7730EC1678C}
    2011-12-16 01:53:41 -------- d-----w- c:\users\fname lname\appdata\local\{DFF8D878-2D9F-4041-B558-605F3E1302C2}
    2011-12-15 13:00:51 -------- d-----w- c:\users\fname lname\appdata\local\{38A1C4DF-6B79-4376-A636-86D2FE17A0E9}
    2011-12-15 13:00:36 -------- d-----w- c:\users\fname lname\appdata\local\{8C78F3FF-4ABA-41B3-B13C-4928EDDBF4F2}
    2011-12-15 01:50:23 -------- d-----w- c:\users\fname lname\appdata\local\{EB89C177-6E17-4588-9280-E77E0392698F}
    2011-12-15 01:50:16 -------- d-----w- c:\users\fname lname\appdata\local\{A00577AC-AF7A-4923-9075-4E1222A207C8}
    2011-12-14 12:54:37 -------- d-----w- c:\users\fname lname\appdata\local\{52D0C189-24D2-4B09-90F6-3120E7054EAC}
    2011-12-14 12:54:22 -------- d-----w- c:\users\fname lname\appdata\local\{653F728F-03FD-4E86-990F-625C76E0C1BF}
    2011-12-14 02:35:54 -------- d-----w- c:\users\fname lname\appdata\local\{593CE855-6329-4112-A134-71A15A55DE7B}
    2011-12-13 23:33:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-13 23:33:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-13 23:33:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-13 23:33:25 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-13 23:33:22 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-13 23:33:20 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-13 23:32:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-13 23:16:00 -------- d-----w- c:\users\fname lname\appdata\local\{81D750CB-37D8-401F-9138-DD22F9EC9CB8}
    2011-12-13 23:15:47 -------- d-----w- c:\users\fname lname\appdata\local\{B8CC1A4C-3D7C-40D2-A1C5-4C02264A28B9}
    2011-12-13 12:59:10 -------- d-----w- c:\users\fname lname\appdata\local\{743A54C9-A92D-4BBB-B563-0AC222AE128C}
    2011-12-13 12:58:58 -------- d-----w- c:\users\fname lname\appdata\local\{E3EA28CE-75A2-4E39-B0A9-2254063AB45A}
    2011-12-13 02:49:32 -------- d-----w- c:\users\fname lname\appdata\local\{3C516639-0929-4E0F-8B74-AA91DE7C4AC6}
    2011-12-13 02:49:25 -------- d-----w- c:\users\fname lname\appdata\local\{8988CAC5-1825-4613-8EA5-766D58569F67}
    2011-12-12 22:55:31 -------- d-----w- c:\users\fname lname\appdata\local\{F4805897-6267-4606-A9AA-72A486764C60}
    2011-12-12 22:55:20 -------- d-----w- c:\users\fname lname\appdata\local\{152FA511-39F9-4D99-9101-019919132B0E}
    2011-12-12 12:54:26 -------- d-----w- c:\users\fname lname\appdata\local\{78AF7FBF-8419-466B-A0F0-9FBDECA9423B}
    2011-12-12 12:54:21 -------- d-----w- c:\users\fname lname\appdata\local\{8D4F97A0-ABEB-4B76-87AF-9F90FBA9BC2E}
    2011-12-11 19:05:08 -------- d-----w- c:\users\fname lname\appdata\local\{A9B6FBF1-6DB2-4D5F-9567-EABD954A16E3}
    2011-12-11 19:05:07 -------- d-----w- c:\users\fname lname\appdata\local\{3C046837-54D5-4862-9009-DC5ABBC49A7C}
    2011-12-11 15:33:12 -------- d-----w- c:\programdata\AVG Secure Search
    2011-12-11 15:33:04 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-12-11 15:33:02 -------- d-----w- c:\program files\AVG Secure Search
    2011-12-11 15:19:22 -------- d-----w- c:\users\fname lname\appdata\local\{290D27C9-BF77-481B-9904-96BC47708D22}
    2011-12-11 15:19:09 -------- d-----w- c:\users\fname lname\appdata\local\{8BE8B0F7-FB82-4CD1-8A81-C79AFB6530BD}
    2011-12-11 03:34:19 -------- d-----w- c:\users\fname lname\appdata\local\{17A956AF-52EF-4489-A126-ED593F795A4C}
    2011-12-11 03:34:10 -------- d-----w- c:\users\fname lname\appdata\local\{91D7F1A0-8F99-42A2-A7D7-3F93B66DA41D}
    2011-12-10 14:29:16 -------- d-----w- c:\users\fname lname\appdata\local\{52C2DB27-E8B2-447F-A3F2-B49E5B7E1C4E}
    2011-12-10 14:29:04 -------- d-----w- c:\users\fname lname\appdata\local\{A7F8ACCD-86F1-41D4-A74F-E417BC95AB7A}
    2011-12-10 03:43:26 -------- d-----w- c:\users\fname lname\appdata\local\{71D4FA57-5F62-4D02-AFE6-4221F0EF0A35}
    2011-12-10 03:43:12 -------- d-----w- c:\users\fname lname\appdata\local\{FCC84171-3731-488C-A371-800674A373A7}
    2011-12-09 22:05:50 -------- d-----w- c:\users\fname lname\appdata\local\{2C2161FA-E954-4AB1-85C5-4A2AF78CE229}
    2011-12-09 22:05:45 -------- d-----w- c:\users\fname lname\appdata\local\{C48B8FF1-C0C4-4504-97C3-9E3E10A945EB}
    2011-12-08 22:58:32 -------- d-----w- c:\users\fname lname\appdata\local\{5354FF42-3DB0-4417-837E-AFB36FF2E864}
    2011-12-08 22:58:20 -------- d-----w- c:\users\fname lname\appdata\local\{58528AEC-872A-46DF-B890-9C20281C2ED4}
    2011-12-08 13:00:42 -------- d-----w- c:\users\fname lname\appdata\local\{B74472AC-4E3B-404A-8005-B6873950F252}
    2011-12-08 13:00:40 -------- d-----w- c:\users\fname lname\appdata\local\{FB86E75D-F52A-4F51-8112-1A71AB078FF8}
    2011-12-07 23:02:06 -------- d-----w- c:\users\fname lname\appdata\local\{AF0F43C5-23C7-4606-8E05-67F05268D289}
    2011-12-07 23:01:54 -------- d-----w- c:\users\fname lname\appdata\local\{B57C035D-AD91-4F38-A50E-0D407D8491DD}
    2011-12-07 13:00:56 -------- d-----w- c:\users\fname lname\appdata\local\{CA8E0B6D-78ED-4287-B723-0B8A18AA8D95}
    2011-12-07 13:00:43 -------- d-----w- c:\users\fname lname\appdata\local\{2780868F-DD11-45D3-A7BC-1004223BE700}
    2011-12-06 23:21:23 -------- d-----w- c:\users\fname lname\appdata\local\{36DB32AD-F60F-4C1D-A8C5-2F6CEB9033C4}
    2011-12-06 23:21:11 -------- d-----w- c:\users\fname lname\appdata\local\{3841C196-22AE-4D36-8F4F-6D5840DA71DA}
    2011-12-06 13:07:27 -------- d-----w- c:\users\fname lname\appdata\local\{4A2899C1-D37F-46FB-AD07-4AB56EF995BD}
    2011-12-06 13:07:26 -------- d-----w- c:\users\fname lname\appdata\local\{2F69187E-8BAB-4FF5-899D-0942EA12F1F7}
    2011-12-05 23:15:17 -------- d-----w- c:\users\fname lname\appdata\local\{DC4829C6-6FAF-4BDE-AFC4-E03AF03A54A3}
    2011-12-05 23:15:04 -------- d-----w- c:\users\fname lname\appdata\local\{4424DE16-D8EE-4450-B18C-1264E2FF1B13}
    2011-12-05 13:05:07 -------- d-----w- c:\users\fname lname\appdata\local\{D83DED76-5815-4BC4-8741-D6B8D9CA1586}
    2011-12-05 13:04:55 -------- d-----w- c:\users\fname lname\appdata\local\{D806AD2A-1DF2-4E88-BAB8-5041FDF73A41}
    2011-12-04 14:53:57 -------- d-----w- c:\users\fname lname\appdata\local\{B0D16FD4-FAD1-41F2-9D0D-AB2C413C0ACE}
    2011-12-04 14:53:44 -------- d-----w- c:\users\fname lname\appdata\local\{88EE9727-A028-4295-A681-CA737D6B0128}
    2011-12-03 14:56:23 -------- d-----w- c:\users\fname lname\appdata\local\{4BFC9364-226F-415D-A868-2F58F7A770EC}
    2011-12-03 14:56:10 -------- d-----w- c:\users\fname lname\appdata\local\{65089BEA-756F-42C0-88B1-D0107CE4CF8A}
    2011-12-03 01:28:33 -------- d-----w- c:\users\fname lname\appdata\local\{26D41BB7-DBC7-4F21-9DF9-3C082BF8DD8E}
    2011-12-03 01:28:21 -------- d-----w- c:\users\fname lname\appdata\local\{F38551ED-6BEA-4B85-A6C3-8EA726FD153C}
    2011-12-02 23:15:09 -------- d-----w- c:\users\fname lname\appdata\local\{55F173B2-899A-4643-B4B7-6B0D61D1FF95}
    2011-12-02 23:14:56 -------- d-----w- c:\users\fname lname\appdata\local\{A767DD70-3E0E-4065-8073-9F9C36F2CBD7}
    2011-12-02 13:07:36 -------- d-----w- c:\users\fname lname\appdata\local\{5D233606-072D-4E01-A9D8-1A042119274C}
    2011-12-02 13:07:24 -------- d-----w- c:\users\fname lname\appdata\local\{4C6F518C-C909-4F85-AE1A-3F814944FECB}
    2011-12-01 22:56:05 -------- d-----w- c:\users\fname lname\appdata\local\{75B147F5-9389-4F64-932B-B7543FC076C5}
    2011-12-01 22:55:53 -------- d-----w- c:\users\fname lname\appdata\local\{70A58D7A-3BD5-4A05-B424-F456DA84DF8B}
    2011-12-01 13:09:53 -------- d-----w- c:\users\fname lname\appdata\local\{BFC2F997-1E01-4BCC-93AF-2193CC78D237}
    2011-12-01 13:09:40 -------- d-----w- c:\users\fname lname\appdata\local\{48D9EAC0-8C2F-49C3-AE23-DBEC268A519E}
    2011-12-01 03:53:22 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-12-01 03:42:53 -------- d-----w- c:\programdata\Trend Micro
    2011-12-01 03:42:23 -------- d-----w- c:\users\fname lname\appdata\local\{B1B9CCE5-07EE-43BE-980F-DF9A1F2F355B}
    2011-12-01 03:42:11 -------- d-----w- c:\users\fname lname\appdata\local\{B5C37A32-7F53-47E9-B58B-CAACF03730C1}
    2011-12-01 03:32:58 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2011-11-30 22:56:41 -------- d-----w- c:\users\fname lname\appdata\local\{4BF7D56C-CFB1-4559-B821-317825C588F6}
    2011-11-30 22:56:26 -------- d-----w- c:\users\fname lname\appdata\local\{4579AA29-7CBA-494F-90D7-2BE506341DB0}
    2011-11-30 13:11:30 -------- d-----w- c:\users\fname lname\appdata\local\{B75C84A0-707F-4080-B676-6EC14A74347B}
    2011-11-30 13:11:29 -------- d-----w- c:\users\fname lname\appdata\local\{3D488A34-269C-4023-8C00-3B5E5F3C1F95}
    2011-11-30 04:43:57 -------- d-----w- c:\programdata\AVG2012
    2011-11-30 04:37:57 -------- d-----w- c:\users\fname lname\appdata\local\{A73E9E47-408C-4E96-99A1-0E8A58CECFCD}
    2011-11-30 04:37:56 -------- d-----w- c:\users\fname lname\appdata\local\{589B1D1D-16FA-476B-BDE6-7D0E214A4C75}
    2011-11-30 02:38:32 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-11-30 00:32:57 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-30 00:32:54 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-30 00:32:12 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-30 00:31:53 -------- d-----w- c:\programdata\AVAST Software
    2011-11-30 00:31:53 -------- d-----w- c:\program files\AVAST Software
    2011-11-30 00:09:13 -------- d-----w- c:\program files\Trend Micro
    2011-11-29 17:13:30 -------- d-----w- c:\users\fname lname\appdata\local\{E93A4C1C-17AC-4A32-B879-215B16E09882}
    2011-11-29 17:13:17 -------- d-----w- c:\users\fname lname\appdata\local\{3FF6016A-9D7F-43DE-88DC-CC7F382FFDD5}
    2011-11-29 13:08:08 -------- d-----w- c:\users\fname lname\appdata\local\{7A74A1CC-1F6D-4E04-B1DF-36CE072B45E4}
    2011-11-29 13:07:57 -------- d-----w- c:\users\fname lname\appdata\local\{E7794804-8CEB-4043-824C-FE698C22DD43}
    2011-11-28 22:50:20 -------- d-----w- c:\users\fname lname\appdata\local\{174C6A31-A1A9-4802-9E1E-173CC099B2ED}
    2011-11-28 22:50:08 -------- d-----w- c:\users\fname lname\appdata\local\{C6627B21-2C75-4EEA-BF41-0B604E1ED978}
    2011-11-28 13:06:48 -------- d-----w- c:\users\fname lname\appdata\local\{B70513A6-A212-45E1-B629-A40C53124A27}
    2011-11-28 13:06:47 -------- d-----w- c:\users\fname lname\appdata\local\{A0EF3092-7A47-4B46-9E9E-71AC15DC0003}
    2011-11-27 18:35:29 -------- d-----w- c:\users\fname lname\appdata\local\{717A19F1-67AE-4DE4-8663-764987529A8A}
    2011-11-27 18:35:25 -------- d-----w- c:\users\fname lname\appdata\local\{EF49DADB-027D-425E-99C9-15CD08F21416}
    2011-11-27 16:50:57 -------- d-----w- c:\users\fname lname\appdata\local\{EB9AFA10-F61C-4DBD-A4B5-4F6CBF468D63}
    2011-11-27 16:50:41 -------- d-----w- c:\users\fname lname\appdata\local\{7180099B-308F-4C36-B328-F9AB9F67A606}
    2011-11-27 03:03:20 -------- d-----w- c:\users\fname lname\appdata\local\{BE594E07-6B8F-4C7E-827A-AD897227263F}
    2011-11-25 19:30:27 -------- d-----w- c:\users\fname lname\appdata\local\{38FFA232-C039-4F4C-9C36-BE2167C1A301}
    2011-11-25 19:30:15 -------- d-----w- c:\users\fname lname\appdata\local\{8970C49C-3EAA-47AB-9885-6F9699D9B5A6}
    2011-11-25 17:49:15 -------- d-----w- c:\users\fname lname\appdata\local\{DF19B9DD-8A62-4E5C-B3E8-8A10C07911A9}
    2011-11-25 17:49:02 -------- d-----w- c:\users\fname lname\appdata\local\{21B11D31-F445-418A-9658-6F87FE3C1FBA}
    2011-11-25 15:43:40 -------- d-----w- c:\users\fname lname\appdata\local\{8CB350D2-7B83-4FE7-BB6C-413174613EA6}
    2011-11-25 15:43:28 -------- d-----w- c:\users\fname lname\appdata\local\{7A5FA540-08C8-439A-8988-44C2AD7358D7}
    2011-11-25 04:40:00 -------- d-----w- c:\users\fname lname\appdata\local\{F0B9542E-BEBA-4317-BBD7-C8E6485E85CA}
    2011-11-25 04:39:59 -------- d-----w- c:\users\fname lname\appdata\local\{E07366B8-D3BB-489A-9954-C0DCDCDC3711}
    2011-11-25 01:59:55 -------- d-----w- c:\users\fname lname\appdata\local\{2E436EE3-05DC-4F5A-88BA-CB438F1FFF7D}
    2011-11-25 01:59:16 -------- d-----w- c:\users\fname lname\appdata\local\{DFAFACCE-A417-431F-B003-5D874DD3342B}
    2011-11-24 18:30:17 -------- d-----w- c:\users\fname lname\appdata\local\{74FEACA2-676B-46DC-887F-0BAC8654540D}
    2011-11-24 18:29:47 -------- d-----w- c:\users\fname lname\appdata\local\{1B78BE29-CD47-4DA4-9BCA-7626B2F98B29}
    2011-11-24 18:03:29 -------- d-----w- c:\users\fname lname\appdata\local\{5A212C01-A0CF-40E3-A303-F5F898020F41}
    2011-11-24 18:02:58 -------- d-----w- c:\users\fname lname\appdata\local\{5AAAAB42-5495-4464-B0D2-8D534D33186C}
    2011-11-24 17:12:15 -------- d-----w- c:\users\fname lname\appdata\local\{65554DAE-A846-45E0-813D-42B819FA267A}
    2011-11-24 17:11:45 -------- d-----w- c:\users\fname lname\appdata\local\{74002668-6F92-4C69-BAC4-A84BF57FE22B}
    2011-11-24 16:44:55 -------- d-----w- c:\users\fname lname\appdata\local\{378E4D86-4136-4B80-A0CD-163D2A1C6E7F}
    2011-11-24 16:44:24 -------- d-----w- c:\users\fname lname\appdata\local\{00B0D81A-0A4E-4200-8F6E-48668031402C}
    2011-11-24 15:47:46 -------- d-----w- c:\users\fname lname\appdata\local\{94C2E2A1-2758-4E06-B56E-26A589C0F7FE}
    2011-11-24 15:47:16 -------- d-----w- c:\users\fname lname\appdata\local\{49950FA5-DA01-47AC-85B1-94C78D210DD4}
    2011-11-24 04:22:19 -------- d-----w- c:\users\fname lname\appdata\local\{E9A3B058-04A9-4450-8EA2-B1C505C33E6E}
    2011-11-24 04:21:47 -------- d-----w- c:\users\fname lname\appdata\local\{FF92CD3F-7290-462A-9B01-7F41364B20BE}
    2011-11-24 01:43:26 -------- d-----w- c:\users\fname lname\appdata\local\{B7BEB154-31F3-4CC6-80D3-2203451078CD}
    2011-11-24 00:48:09 -------- d-----w- c:\users\fname lname\appdata\local\{91298011-A38C-43BD-8419-900B2989B815}
    2011-11-24 00:47:40 -------- d-----w- c:\users\fname lname\appdata\local\{43AE4660-5901-4760-8D99-F3FCBA1CEF0E}
    2011-11-24 00:08:45 -------- d-----w- c:\users\fname lname\appdata\local\{0B0996BD-CA5D-490F-B1CA-314BD33E4EEE}
    2011-11-24 00:08:15 -------- d-----w- c:\users\fname lname\appdata\local\{F24487EF-43B0-415F-8102-9878B789F766}
    2011-11-23 18:13:48 -------- d-----w- c:\users\fname lname\appdata\local\{0116AE6E-17CD-4106-ADA9-44BEC919F2CE}
    2011-11-23 00:13:25 -------- d-----w- c:\users\fname lname\appdata\local\{A213DD3C-0378-4FF5-AA49-AD9770EAF914}
    2011-11-23 00:12:59 -------- d-----w- c:\users\fname lname\appdata\local\{102DF5BC-D167-4B88-AF49-CB07E1F15CB6}
    2011-11-22 20:38:02 -------- d-----w- c:\users\fname lname\appdata\local\{79397ED6-C5F4-4D13-A6EF-2FB385B325C4}
    2011-11-22 20:37:41 -------- d-----w- c:\users\fname lname\appdata\local\{40120A0E-DE78-4FBE-86BE-C6D0171B7470}
    2011-11-22 13:16:56 -------- d-----w- c:\users\fname lname\appdata\local\{6CB6EBC8-DD06-4E8D-A535-42B6D9F8A33B}
    2011-11-22 13:16:35 -------- d-----w- c:\users\fname lname\appdata\local\{C38DCB21-5A48-48DE-B1F4-E6D21CCB3C00}
    2011-11-21 23:28:49 -------- d-----w- c:\users\fname lname\appdata\local\{B1C4A133-57F6-406B-80E1-76A392E6FDF4}
    2011-11-21 23:28:28 -------- d-----w- c:\users\fname lname\appdata\local\{CD4BEE6E-7943-4620-A2D4-455584C6648A}
    2011-11-21 13:10:11 -------- d-----w- c:\users\fname lname\appdata\local\{95C078DF-B4F3-44A4-A1BE-81816500434E}
    2011-11-21 13:09:49 -------- d-----w- c:\users\fname lname\appdata\local\{CEDEED44-5AD1-42FA-BA17-3118DC229390}
    2011-11-20 15:04:02 -------- d-----w- c:\users\fname lname\appdata\local\{7D0491CF-6467-4F6F-8213-9FBA6386A49B}
    2011-11-19 14:49:03 -------- d-----w- c:\users\fname lname\appdata\local\{5AA5550D-4D49-4FE2-8DB3-1B3110B9E26C}
    2011-11-19 14:48:40 -------- d-----w- c:\users\fname lname\appdata\local\{2AB63947-168B-4A58-AF22-84ED99ACEC8A}
    2011-11-19 05:00:47 -------- d-----w- c:\users\fname lname\appdata\local\{677EC099-1463-4A01-AFA0-0437F41D0A8E}
    2011-11-19 05:00:19 -------- d-----w- c:\users\fname lname\appdata\local\{ABE254E7-4D19-493C-B06C-56E0D984BCE6}
    2011-11-18 13:02:32 -------- d-----w- c:\users\fname lname\appdata\local\{42C31592-94D3-43BE-9897-49188A5D4E78}
    2011-11-18 13:02:11 -------- d-----w- c:\users\fname lname\appdata\local\{DFF8EFD6-7263-415B-ACD0-3F79F092BFCF}
    2011-11-17 22:55:23 -------- d-----w- c:\users\fname lname\appdata\local\{47EA8728-CEF9-460C-A570-6CCEDD5A80C6}
    2011-11-17 22:55:02 -------- d-----w- c:\users\fname lname\appdata\local\{E31105EC-B1EA-45D6-A1B0-628EE23DFAC2}
    2011-11-17 12:42:50 -------- d-----w- c:\users\fname lname\appdata\local\{D7512AE7-739D-44BD-8A51-D02BE0E70BB9}
    2011-11-17 12:42:29 -------- d-----w- c:\users\fname lname\appdata\local\{1A5ECBAA-D02D-49D3-815E-807BB0B07734}
    2011-11-17 02:58:10 -------- d-----w- c:\users\fname lname\appdata\local\{A7F26AAB-BB1D-430D-9ECC-38A57CCD4D23}
    2011-11-17 02:57:48 -------- d-----w- c:\users\fname lname\appdata\local\{3D173FDA-F401-46A4-8225-C41C24E8FFDE}
    2011-11-17 00:44:16 -------- d-----w- c:\users\fname lname\appdata\local\{A9949550-6522-4FDE-846C-6B4B0FFBD9F8}
    2011-11-17 00:43:51 -------- d-----w- c:\users\fname lname\appdata\local\{C0AA4413-2A0F-4E44-9E0F-87166259AC81}
    2011-11-16 13:02:19 -------- d-----w- c:\users\fname lname\appdata\local\{6329FB76-F0D9-415A-A6A4-A666E9DE8EEB}
    2011-11-16 13:02:09 -------- d-----w- c:\users\fname lname\appdata\local\{13E9122D-6DE7-4CE0-A137-6FA2D8C17572}
    .
    ==================== Find3M ====================
    .
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 22:42:19.09 ===============
     
  5. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    DDS Log #2...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/10/2008 3:02:06 AM
    System Uptime: 12/15/2011 8:48:49 PM (2 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 14.823 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 5.18 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7563A_________________WX05____\5&28069620&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: Optiarc DVD RW AD-7563A ATA Device
    PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7563A_________________WX05____\5&28069620&0&0.0.0
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Agere Systems HDA Modem
    AIM 7
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE
    Ask Toolbar
    avast! Free Antivirus
    AVG 2011
    AVG 2012
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    BigFix
    Bing Bar
    BitTorrent
    Bonjour
    Browser Address Error Redirector
    Camera Assistant Software for Gateway
    CamStudio
    CDBurnerXP
    CleanUp!
    Codec Pack - All In 1 6.0.3.0
    Compatibility Pack for the 2007 Office system
    CyberLink Power2Go
    D3DX10
    DivX Setup
    Download Updater (AOL LLC)
    Express Burn Disc Burning Software
    Gateway Games
    Gateway Recovery Center Installer
    GearDrvs
    Google Chrome
    Google Desktop
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GRE POWERPREP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Jaksta Streaming Media Recorder
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 5
    Junk Mail filter update
    LabelPrint
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.6.24)
    MP4 Player
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyAshampoo Toolbar
    Napster
    Napster Burn Engine
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    neroxml
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OJOsoft Total Video Converter
    PokerStars
    POWERPREP II
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    RTC Client API v1.2
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    WavePad Sound Editor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/15/2011 8:50:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
    12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/15/2011 8:50:50 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/15/2011 8:49:16 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    12/15/2011 7:25:53 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    12/14/2011 9:09:34 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/13/2011 9:40:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/13/2011 9:33:21 PM, Error: EventLog [6008] - The previous system shutdown at 9:31:38 PM on 12/13/2011 was unexpected.
    12/13/2011 11:45:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/13/2011 11:45:24 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/13/2011 11:38:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/13/2011 11:34:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    12/12/2011 7:48:37 AM, Error: EventLog [6008] - The previous system shutdown at 12:21:48 AM on 12/12/2011 was unexpected.
    12/12/2011 12:07:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    12/12/2011 12:07:43 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/11/2011 3:13:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater service to connect.
    12/11/2011 3:13:39 PM, Error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/11/2011 3:12:04 PM, Error: EventLog [6008] - The previous system shutdown at 3:10:01 PM on 12/11/2011 was unexpected.
    12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    Then....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Alright, Norton has been deleted.

    TDSS Log is below...

    21:28:48.0694 5552 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    21:28:49.0035 5552 ============================================================
    21:28:49.0035 5552 Current date / time: 2011/12/16 21:28:49.0035
    21:28:49.0035 5552 SystemInfo:
    21:28:49.0035 5552
    21:28:49.0036 5552 OS Version: 6.0.6002 ServicePack: 2.0
    21:28:49.0036 5552 Product type: Workstation
    21:28:49.0036 5552 ComputerName: FNAMELNAME-PC
    21:28:49.0036 5552 UserName: Fname Lname
    21:28:49.0036 5552 Windows directory: C:\Windows
    21:28:49.0036 5552 System windows directory: C:\Windows
    21:28:49.0036 5552 Processor architecture: Intel x86
    21:28:49.0036 5552 Number of processors: 2
    21:28:49.0036 5552 Page size: 0x1000
    21:28:49.0036 5552 Boot type: Normal boot
    21:28:49.0036 5552 ============================================================
    21:28:49.0613 5552 Initialize success
    21:29:12.0426 5412 ============================================================
    21:29:12.0426 5412 Scan started
    21:29:12.0426 5412 Mode: Manual;
    21:29:12.0426 5412 ============================================================
    21:29:17.0641 5412 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    21:29:17.0671 5412 ACPI - ok
    21:29:18.0099 5412 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    21:29:18.0134 5412 adp94xx - ok
    21:29:18.0587 5412 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    21:29:18.0633 5412 adpahci - ok
    21:29:19.0390 5412 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    21:29:19.0416 5412 adpu160m - ok
    21:29:19.0777 5412 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    21:29:19.0796 5412 adpu320 - ok
    21:29:20.0289 5412 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    21:29:20.0335 5412 AFD - ok
    21:29:21.0034 5412 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:29:21.0062 5412 AgereSoftModem - ok
    21:29:21.0595 5412 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    21:29:21.0637 5412 agp440 - ok
    21:29:22.0090 5412 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:29:22.0120 5412 aic78xx - ok
    21:29:22.0353 5412 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    21:29:22.0375 5412 aliide - ok
    21:29:22.0664 5412 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    21:29:22.0681 5412 amdagp - ok
    21:29:22.0941 5412 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    21:29:22.0996 5412 amdide - ok
    21:29:23.0181 5412 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    21:29:23.0203 5412 AmdK7 - ok
    21:29:23.0497 5412 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    21:29:23.0522 5412 AmdK8 - ok
    21:29:24.0421 5412 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    21:29:24.0447 5412 arc - ok
    21:29:24.0928 5412 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    21:29:24.0955 5412 arcsas - ok
    21:29:25.0476 5412 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
    21:29:25.0477 5412 aswFsBlk - ok
    21:29:26.0176 5412 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
    21:29:26.0196 5412 aswMonFlt - ok
    21:29:26.0620 5412 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
    21:29:26.0641 5412 aswRdr - ok
    21:29:27.0083 5412 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
    21:29:27.0125 5412 aswSnx - ok
    21:29:27.0461 5412 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
    21:29:27.0522 5412 aswSP - ok
    21:29:27.0993 5412 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
    21:29:28.0019 5412 aswTdi - ok
    21:29:28.0491 5412 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:29:28.0516 5412 AsyncMac - ok
    21:29:28.0648 5412 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    21:29:28.0671 5412 atapi - ok
    21:29:29.0386 5412 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    21:29:29.0410 5412 AVGIDSDriver - ok
    21:29:29.0617 5412 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    21:29:29.0636 5412 AVGIDSEH - ok
    21:29:29.0903 5412 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    21:29:29.0923 5412 AVGIDSFilter - ok
    21:29:30.0104 5412 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    21:29:30.0116 5412 AVGIDSShim - ok
    21:29:30.0912 5412 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
    21:29:30.0939 5412 Avgldx86 - ok
    21:29:31.0054 5412 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
    21:29:31.0078 5412 Avgmfx86 - ok
    21:29:31.0636 5412 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
    21:29:31.0659 5412 Avgrkx86 - ok
    21:29:32.0043 5412 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
    21:29:32.0061 5412 Avgtdix - ok
    21:29:32.0729 5412 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    21:29:32.0752 5412 Beep - ok
    21:29:33.0181 5412 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    21:29:33.0207 5412 blbdrive - ok
    21:29:33.0408 5412 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    21:29:33.0445 5412 bowser - ok
    21:29:33.0878 5412 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:29:34.0096 5412 BrFiltLo - ok
    21:29:34.0273 5412 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:29:34.0289 5412 BrFiltUp - ok
    21:29:34.0722 5412 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:29:34.0746 5412 Brserid - ok
    21:29:34.0896 5412 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:29:35.0065 5412 BrSerWdm - ok
    21:29:35.0465 5412 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:29:35.0486 5412 BrUsbMdm - ok
    21:29:36.0048 5412 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:29:36.0074 5412 BrUsbSer - ok
    21:29:36.0567 5412 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:29:36.0589 5412 BTHMODEM - ok
    21:29:36.0922 5412 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:29:36.0948 5412 cdfs - ok
    21:29:37.0221 5412 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    21:29:37.0240 5412 circlass - ok
    21:29:37.0710 5412 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    21:29:37.0733 5412 CLFS - ok
    21:29:38.0489 5412 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:29:38.0530 5412 CmBatt - ok
    21:29:38.0693 5412 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    21:29:38.0711 5412 cmdide - ok
    21:29:39.0073 5412 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:29:39.0096 5412 Compbatt - ok
    21:29:39.0333 5412 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    21:29:39.0354 5412 crcdisk - ok
    21:29:39.0592 5412 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    21:29:39.0611 5412 Crusoe - ok
    21:29:40.0383 5412 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    21:29:40.0706 5412 DfsC - ok
    21:29:41.0513 5412 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    21:29:41.0533 5412 disk - ok
    21:29:41.0737 5412 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    21:29:41.0763 5412 drmkaud - ok
    21:29:42.0468 5412 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    21:29:42.0530 5412 DXGKrnl - ok
    21:29:42.0737 5412 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:29:42.0773 5412 E1G60 - ok
    21:29:43.0403 5412 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    21:29:43.0443 5412 Ecache - ok
    21:29:44.0129 5412 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    21:29:44.0175 5412 elxstor - ok
    21:29:44.0597 5412 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    21:29:44.0619 5412 ErrDev - ok
    21:29:45.0248 5412 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    21:29:45.0360 5412 exfat - ok
    21:29:45.0861 5412 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    21:29:46.0185 5412 fastfat - ok
    21:29:46.0738 5412 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    21:29:46.0762 5412 fdc - ok
    21:29:46.0859 5412 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    21:29:46.0878 5412 FileInfo - ok
    21:29:47.0305 5412 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    21:29:47.0324 5412 Filetrace - ok
    21:29:47.0486 5412 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:29:47.0508 5412 flpydisk - ok
    21:29:47.0861 5412 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    21:29:47.0897 5412 FltMgr - ok
    21:29:48.0383 5412 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    21:29:48.0407 5412 fssfltr - ok
    21:29:48.0791 5412 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    21:29:48.0809 5412 Fs_Rec - ok
    21:29:49.0073 5412 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    21:29:49.0096 5412 gagp30kx - ok
    21:29:49.0657 5412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    21:29:49.0682 5412 GEARAspiWDM - ok
    21:29:50.0472 5412 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:29:50.0524 5412 HdAudAddService - ok
    21:29:50.0940 5412 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:29:51.0009 5412 HDAudBus - ok
    21:29:51.0427 5412 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:29:51.0455 5412 HidBth - ok
    21:29:51.0882 5412 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    21:29:51.0955 5412 HidIr - ok
    21:29:52.0404 5412 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    21:29:52.0429 5412 HidUsb - ok
    21:29:52.0540 5412 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    21:29:52.0581 5412 HpCISSs - ok
    21:29:53.0080 5412 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    21:29:53.0149 5412 HTTP - ok
    21:29:53.0511 5412 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    21:29:53.0527 5412 i2omp - ok
    21:29:54.0325 5412 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:29:54.0348 5412 i8042prt - ok
    21:29:55.0092 5412 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
    21:29:55.0345 5412 ialm - ok
    21:29:55.0833 5412 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
    21:29:55.0835 5412 iaStor - ok
    21:29:56.0516 5412 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    21:29:56.0560 5412 iaStorV - ok
    21:29:57.0539 5412 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
    21:29:57.0674 5412 igfx - ok
    21:29:58.0267 5412 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:29:58.0291 5412 iirsp - ok
    21:29:58.0604 5412 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    21:29:58.0620 5412 intelide - ok
    21:29:59.0084 5412 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    21:29:59.0085 5412 intelppm - ok
    21:29:59.0588 5412 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:29:59.0610 5412 IpFilterDriver - ok
    21:29:59.0802 5412 IpInIp - ok
    21:30:00.0314 5412 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    21:30:00.0334 5412 IPMIDRV - ok
    21:30:00.0576 5412 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    21:30:00.0613 5412 IPNAT - ok
    21:30:00.0990 5412 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    21:30:01.0011 5412 IRENUM - ok
    21:30:01.0421 5412 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    21:30:01.0445 5412 isapnp - ok
    21:30:01.0893 5412 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:30:02.0044 5412 iScsiPrt - ok
    21:30:02.0337 5412 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:30:02.0359 5412 iteatapi - ok
    21:30:02.0689 5412 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:30:02.0706 5412 iteraid - ok
    21:30:03.0073 5412 JakNDis (36fd6c17ba40fc942cdb798b9e103db9) C:\Windows\system32\DRIVERS\JakNDis.sys
    21:30:03.0101 5412 JakNDis - ok
    21:30:03.0122 5412 JakNDisMP (36fd6c17ba40fc942cdb798b9e103db9) C:\Windows\system32\DRIVERS\JakNDis.sys
    21:30:03.0123 5412 JakNDisMP - ok
    21:30:03.0559 5412 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:30:03.0594 5412 kbdclass - ok
    21:30:03.0725 5412 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    21:30:03.0728 5412 kbdhid - ok
    21:30:04.0176 5412 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    21:30:04.0292 5412 KSecDD - ok
    21:30:04.0759 5412 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:30:04.0763 5412 lltdio - ok
    21:30:04.0891 5412 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    21:30:05.0002 5412 LSI_FC - ok
    21:30:05.0359 5412 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    21:30:05.0401 5412 LSI_SAS - ok
    21:30:05.0635 5412 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    21:30:05.0652 5412 LSI_SCSI - ok
    21:30:06.0104 5412 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    21:30:06.0131 5412 luafv - ok
    21:30:06.0367 5412 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    21:30:06.0369 5412 MBAMProtector - ok
    21:30:06.0558 5412 MBAMSwissArmy - ok
    21:30:06.0875 5412 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    21:30:06.0876 5412 megasas - ok
    21:30:07.0612 5412 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    21:30:07.0866 5412 MegaSR - ok
    21:30:08.0299 5412 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    21:30:08.0300 5412 Modem - ok
    21:30:08.0455 5412 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    21:30:08.0456 5412 monitor - ok
    21:30:08.0993 5412 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    21:30:09.0017 5412 mouclass - ok
    21:30:09.0396 5412 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
    21:30:09.0419 5412 mouhid - ok
    21:30:09.0776 5412 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    21:30:09.0799 5412 MountMgr - ok
    21:30:10.0272 5412 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    21:30:10.0311 5412 mpio - ok
    21:30:10.0451 5412 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    21:30:10.0476 5412 mpsdrv - ok
    21:30:10.0841 5412 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:30:10.0858 5412 Mraid35x - ok
    21:30:11.0377 5412 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    21:30:11.0416 5412 MRxDAV - ok
    21:30:11.0735 5412 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:30:11.0781 5412 mrxsmb - ok
    21:30:12.0218 5412 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:30:12.0326 5412 mrxsmb10 - ok
    21:30:12.0796 5412 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:30:12.0823 5412 mrxsmb20 - ok
    21:30:13.0563 5412 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    21:30:13.0580 5412 msahci - ok
    21:30:13.0686 5412 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    21:30:13.0690 5412 msdsm - ok
    21:30:13.0871 5412 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    21:30:13.0958 5412 Msfs - ok
    21:30:14.0071 5412 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    21:30:14.0085 5412 msisadrv - ok
    21:30:14.0594 5412 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    21:30:14.0612 5412 MSKSSRV - ok
    21:30:14.0903 5412 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:30:15.0209 5412 MSPCLOCK - ok
    21:30:15.0493 5412 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    21:30:15.0516 5412 MSPQM - ok
    21:30:16.0006 5412 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    21:30:16.0030 5412 MsRPC - ok
    21:30:16.0338 5412 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:30:16.0339 5412 mssmbios - ok
    21:30:16.0539 5412 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    21:30:16.0564 5412 MSTEE - ok
    21:30:16.0895 5412 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    21:30:17.0079 5412 Mup - ok
    21:30:17.0331 5412 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    21:30:17.0350 5412 NativeWifiP - ok
    21:30:17.0973 5412 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    21:30:18.0065 5412 NDIS - ok
    21:30:18.0491 5412 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:30:18.0515 5412 NdisTapi - ok
    21:30:18.0687 5412 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:30:18.0705 5412 Ndisuio - ok
    21:30:19.0089 5412 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:30:19.0124 5412 NdisWan - ok
    21:30:19.0203 5412 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    21:30:19.0222 5412 NDProxy - ok
    21:30:19.0329 5412 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    21:30:19.0332 5412 NetBIOS - ok
    21:30:19.0822 5412 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
    21:30:19.0932 5412 NETw2v32 - ok
    21:30:20.0548 5412 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    21:30:20.0658 5412 NETw3v32 - ok
    21:30:21.0582 5412 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
    21:30:23.0706 5412 NETw4v32 - ok
    21:30:24.0284 5412 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:30:24.0287 5412 nfrd960 - ok
    21:30:24.0375 5412 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    21:30:24.0420 5412 Npfs - ok
    21:30:24.0517 5412 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    21:30:24.0519 5412 nsiproxy - ok
    21:30:24.0617 5412 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    21:30:24.0662 5412 Ntfs - ok
    21:30:24.0790 5412 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:30:24.0792 5412 ntrigdigi - ok
    21:30:24.0822 5412 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    21:30:24.0824 5412 Null - ok
    21:30:24.0852 5412 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    21:30:24.0856 5412 nvraid - ok
    21:30:24.0896 5412 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    21:30:24.0903 5412 nvstor - ok
    21:30:24.0940 5412 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    21:30:24.0944 5412 nv_agp - ok
    21:30:25.0049 5412 NwlnkFlt - ok
    21:30:25.0063 5412 NwlnkFwd - ok
    21:30:25.0185 5412 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:30:25.0189 5412 ohci1394 - ok
    21:30:25.0287 5412 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:30:25.0291 5412 Parport - ok
    21:30:25.0340 5412 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    21:30:25.0356 5412 partmgr - ok
    21:30:25.0385 5412 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:30:25.0387 5412 Parvdm - ok
    21:30:25.0456 5412 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    21:30:25.0462 5412 pci - ok
    21:30:25.0577 5412 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    21:30:25.0579 5412 pciide - ok
    21:30:25.0680 5412 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
    21:30:25.0685 5412 pcmcia - ok
    21:30:25.0952 5412 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:30:25.0968 5412 PEAUTH - ok
    21:30:26.0260 5412 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    21:30:26.0263 5412 PptpMiniport - ok
    21:30:26.0299 5412 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    21:30:26.0301 5412 Processor - ok
    21:30:26.0538 5412 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    21:30:26.0540 5412 PSched - ok
    21:30:26.0714 5412 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    21:30:26.0748 5412 PxHelp20 - ok
    21:30:27.0138 5412 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    21:30:27.0159 5412 ql2300 - ok
    21:30:27.0442 5412 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:30:27.0446 5412 ql40xx - ok
    21:30:27.0492 5412 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    21:30:27.0508 5412 QWAVEdrv - ok
    21:30:27.0550 5412 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    21:30:27.0552 5412 RasAcd - ok
    21:30:27.0688 5412 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:30:27.0691 5412 Rasl2tp - ok
    21:30:27.0778 5412 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:30:27.0793 5412 RasPppoe - ok
    21:30:27.0844 5412 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    21:30:27.0869 5412 RasSstp - ok
    21:30:27.0961 5412 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    21:30:27.0987 5412 rdbss - ok
    21:30:28.0112 5412 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:30:28.0123 5412 RDPCDD - ok
    21:30:28.0195 5412 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    21:30:28.0241 5412 rdpdr - ok
    21:30:28.0349 5412 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    21:30:28.0351 5412 RDPENCDD - ok
    21:30:28.0509 5412 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    21:30:28.0534 5412 RDPWD - ok
    21:30:28.0693 5412 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    21:30:28.0713 5412 rspndr - ok
    21:30:28.0809 5412 RTL8169 (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:30:28.0828 5412 RTL8169 - ok
    21:30:28.0964 5412 RTSTOR (68180821fedebb2b373d83a2d8e4e16a) C:\Windows\system32\drivers\RTSTOR.SYS
    21:30:28.0995 5412 RTSTOR - ok
    21:30:29.0078 5412 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:30:29.0082 5412 sbp2port - ok
    21:30:29.0125 5412 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    21:30:29.0129 5412 sdbus - ok
    21:30:29.0398 5412 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:30:29.0400 5412 secdrv - ok
    21:30:29.0566 5412 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:30:29.0568 5412 Serenum - ok
    21:30:29.0604 5412 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:30:29.0608 5412 Serial - ok
    21:30:29.0649 5412 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    21:30:29.0651 5412 sermouse - ok
    21:30:29.0804 5412 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    21:30:29.0880 5412 sffdisk - ok
    21:30:30.0327 5412 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    21:30:30.0330 5412 sffp_mmc - ok
    21:30:30.0402 5412 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    21:30:30.0433 5412 sffp_sd - ok
    21:30:30.0592 5412 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    21:30:30.0594 5412 sfloppy - ok
    21:30:30.0656 5412 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    21:30:30.0676 5412 sisagp - ok
    21:30:30.0710 5412 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    21:30:30.0712 5412 SiSRaid2 - ok
    21:30:30.0850 5412 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    21:30:30.0853 5412 SiSRaid4 - ok
    21:30:30.0929 5412 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    21:30:30.0933 5412 Smb - ok
    21:30:31.0095 5412 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    21:30:31.0098 5412 spldr - ok
    21:30:31.0280 5412 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    21:30:31.0287 5412 srv - ok
    21:30:31.0523 5412 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    21:30:31.0527 5412 srv2 - ok
    21:30:31.0543 5412 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    21:30:31.0547 5412 srvnet - ok
    21:30:31.0756 5412 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
    21:30:31.0772 5412 StarOpen - ok
    21:30:32.0169 5412 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
    21:30:32.0176 5412 STHDA - ok
    21:30:32.0494 5412 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    21:30:32.0497 5412 swenum - ok
    21:30:32.0540 5412 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:30:32.0564 5412 Symc8xx - ok
    21:30:32.0711 5412 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:30:32.0714 5412 Sym_hi - ok
    21:30:32.0758 5412 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:30:32.0761 5412 Sym_u3 - ok
    21:30:32.0818 5412 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
    21:30:32.0823 5412 SynTP - ok
    21:30:33.0168 5412 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    21:30:33.0185 5412 Tcpip - ok
    21:30:33.0591 5412 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    21:30:33.0596 5412 Tcpip6 - ok
    21:30:33.0706 5412 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    21:30:33.0719 5412 tcpipreg - ok
    21:30:33.0846 5412 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    21:30:33.0859 5412 TDPIPE - ok
    21:30:34.0238 5412 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    21:30:34.0261 5412 TDTCP - ok
    21:30:34.0387 5412 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    21:30:34.0390 5412 tdx - ok
    21:30:34.0621 5412 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    21:30:34.0624 5412 TermDD - ok
    21:30:35.0016 5412 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys
    21:30:35.0030 5412 tmtdi - ok
    21:30:35.0308 5412 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:30:35.0310 5412 tssecsrv - ok
    21:30:35.0369 5412 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    21:30:35.0371 5412 tunmp - ok
    21:30:35.0535 5412 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    21:30:35.0538 5412 tunnel - ok
    21:30:35.0632 5412 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    21:30:35.0651 5412 uagp35 - ok
    21:30:35.0804 5412 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    21:30:35.0810 5412 udfs - ok
    21:30:35.0862 5412 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    21:30:35.0887 5412 uliagpkx - ok
    21:30:36.0034 5412 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    21:30:36.0040 5412 uliahci - ok
    21:30:36.0081 5412 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:30:36.0090 5412 UlSata - ok
    21:30:36.0144 5412 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:30:36.0173 5412 ulsata2 - ok
    21:30:36.0318 5412 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:30:36.0334 5412 umbus - ok
    21:30:36.0383 5412 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:30:36.0395 5412 usbccgp - ok
    21:30:36.0430 5412 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:30:36.0453 5412 usbcir - ok
    21:30:36.0558 5412 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:30:36.0561 5412 usbehci - ok
    21:30:36.0598 5412 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:30:36.0602 5412 usbhub - ok
    21:30:36.0767 5412 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    21:30:36.0770 5412 usbohci - ok
    21:30:37.0003 5412 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    21:30:37.0006 5412 usbprint - ok
    21:30:37.0109 5412 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:30:37.0154 5412 USBSTOR - ok
    21:30:37.0203 5412 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:30:37.0222 5412 usbuhci - ok
    21:30:37.0487 5412 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    21:30:37.0491 5412 usbvideo - ok
    21:30:37.0546 5412 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
    21:30:37.0576 5412 UVCFTR - ok
    21:30:37.0712 5412 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:30:37.0734 5412 vga - ok
    21:30:37.0779 5412 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:30:37.0782 5412 VgaSave - ok
    21:30:37.0842 5412 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    21:30:37.0868 5412 viaagp - ok
    21:30:38.0131 5412 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    21:30:38.0135 5412 ViaC7 - ok
    21:30:38.0307 5412 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    21:30:38.0321 5412 viaide - ok
    21:30:38.0349 5412 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:30:38.0352 5412 volmgr - ok
    21:30:38.0394 5412 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:30:38.0422 5412 volmgrx - ok
    21:30:38.0599 5412 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:30:38.0605 5412 volsnap - ok
    21:30:38.0821 5412 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    21:30:38.0825 5412 vsmraid - ok
    21:30:38.0911 5412 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:30:38.0914 5412 WacomPen - ok
    21:30:39.0060 5412 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:30:39.0078 5412 Wanarp - ok
    21:30:39.0097 5412 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:30:39.0099 5412 Wanarpv6 - ok
    21:30:39.0388 5412 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
    21:30:39.0392 5412 wanatw - ok
    21:30:39.0744 5412 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    21:30:39.0747 5412 Wd - ok
    21:30:39.0811 5412 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    21:30:39.0839 5412 Wdf01000 - ok
    21:30:39.0989 5412 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:30:39.0990 5412 WmiAcpi - ok
    21:30:40.0253 5412 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:30:40.0256 5412 ws2ifsl - ok
    21:30:40.0385 5412 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    21:30:40.0390 5412 yukonwlh - ok
    21:30:40.0459 5412 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    21:30:40.0479 5412 \Device\Harddisk0\DR0 - ok
    21:30:40.0482 5412 Boot (0x1200) (76a352b69bab15993cd1df7d1ab6fa17) \Device\Harddisk0\DR0\Partition0
    21:30:40.0483 5412 \Device\Harddisk0\DR0\Partition0 - ok
    21:30:40.0485 5412 Boot (0x1200) (5d0285eb757fb552e206821b1a84bac4) \Device\Harddisk0\DR0\Partition1
    21:30:40.0486 5412 \Device\Harddisk0\DR0\Partition1 - ok
    21:30:40.0487 5412 ============================================================
    21:30:40.0487 5412 Scan finished
    21:30:40.0487 5412 ============================================================
    21:30:40.0494 4948 Detected object count: 0
    21:30:40.0494 4948 Actual detected object count: 0
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Clearly I am doing something wrong with ComboFix. I have run it three different times and each time it will run for 10 - 20ish minutes and then automatically force close and shutdown my computer. When I reboot, the following dialog box appears..."The Recycle Bin on C:/ is corrupted. Do you want to empty the Recycle Bin for this drive? Yes/No"

    aswMBR log is below. I will await further instructions/clarification before proceeding further.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 21:52:24
    -----------------------------
    21:52:24.011 OS Version: Windows 6.0.6002 Service Pack 2
    21:52:24.011 Number of processors: 2 586 0xF0B
    21:52:24.014 ComputerName: FNAMELNAME-PC UserName: Fname Lname
    21:52:33.269 Initialize success
    21:52:34.020 AVAST engine defs: 11121603
    21:53:02.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:53:02.325 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
    21:53:02.370 Disk 0 MBR read successfully
    21:53:02.373 Disk 0 MBR scan
    21:53:02.376 Disk 0 Windows VISTA default MBR code
    21:53:02.381 Disk 0 scanning sectors +312576705
    21:53:02.456 Disk 0 scanning C:\Windows\system32\drivers
    21:53:15.727 Service scanning
    21:53:17.749 Modules scanning
    21:53:26.297 Disk 0 trace - called modules:
    21:53:26.315 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    21:53:26.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865d0810]
    21:53:26.321 3 CLASSPNP.SYS[8a7a78b3] -> nt!IofCallDriver -> [0x8552ccb8]
    21:53:26.649 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552e030]
    21:53:27.740 AVAST engine scan C:\Windows
    21:53:30.396 AVAST engine scan C:\Windows\system32
    21:55:28.705 AVAST engine scan C:\Windows\system32\drivers
    21:55:38.252 AVAST engine scan C:\Users\Fname Lname
    22:06:38.847 File: C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe **INFECTED** Win32:MalOb-HY [Cryp]
    22:08:37.134 AVAST engine scan C:\ProgramData
    22:15:32.470 Scan finished successfully
    22:16:03.854 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
    22:16:03.859 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
    22:16:49.200 Disk 0 MBR has been saved successfully to "C:\Users\Fname Lname\Desktop\Documents\MBR.dat"
    22:16:49.206 The log file has been saved successfully to "C:\Users\Fname Lname\Desktop\Documents\aswMBR.txt"
    22:18:17.794 Disk 0 MBR has been saved successfully to "C:\Users\Fname Lname\Desktop\MBR.dat"
    22:18:17.799 The log file has been saved successfully to "C:\Users\Fname Lname\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Re-run Combofix one more time.
    If same issue happens and it comes to this:
    say "Yes".
    Then re-run Combofix one more time.
    If still same issue try to run it from safe mode.
     
  11. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Alright, finally got ComboFix to run fine. Log is below...

    ComboFix 11-12-16.03 - Fname Lname 12/17/2011 14:50:55.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1711 [GMT -5:00]
    Running from: c:\users\Fname Lname\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files\Blinkx
    c:\program files\Blinkx\templates\index.html
    c:\program files\Blinkx\templates\noflash.html
    c:\program files\Blinkx\templates\offline.html
    c:\program files\Blinkx\templates\offline.swf
    c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
    c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
    c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Templates\607885p0r580t127s003l4glr2a8
    c:\users\Fname Lname\Documents\~WRL0715.tmp
    c:\users\Fname Lname\Documents\~WRL1735.tmp
    c:\users\Fname Lname\Taskmgr.exe
    c:\windows\$NtUninstallKB37556$
    c:\windows\$NtUninstallKB37556$\3159043839\@
    c:\windows\$NtUninstallKB37556$\3159043839\bckfg.tmp
    c:\windows\$NtUninstallKB37556$\3159043839\cfg.ini
    c:\windows\$NtUninstallKB37556$\3159043839\Desktop.ini
    c:\windows\$NtUninstallKB37556$\3159043839\keywords
    c:\windows\$NtUninstallKB37556$\3159043839\kwrd.dll
    c:\windows\$NtUninstallKB37556$\3159043839\L\qnbwvoto
    c:\windows\$NtUninstallKB37556$\3159043839\U\00000001.@
    c:\windows\$NtUninstallKB37556$\3159043839\U\00000002.@
    c:\windows\$NtUninstallKB37556$\3159043839\U\00000004.@
    c:\windows\$NtUninstallKB37556$\3159043839\U\80000000.@
    c:\windows\$NtUninstallKB37556$\3159043839\U\80000004.@
    c:\windows\$NtUninstallKB37556$\3159043839\U\80000032.@
    c:\windows\$NtUninstallKB37556$\385693575
    c:\windows\iun6002.exe
    D:\Autorun.inf
    .
    -- Previous Run --
    .
    c:\windows\system32\drivers\cdrom.sys was missing
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-17 20:03 . 2011-12-17 20:03 -------- d-----w- c:\users\Fname Lname\AppData\Local\temp
    2011-12-17 20:03 . 2011-12-17 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-17 16:33 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-12-14 14:56 . 2011-12-14 14:56 -------- d-----w- c:\programdata\WindowsSearch
    2011-12-13 23:33 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-13 23:33 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-13 23:33 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-13 23:33 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-13 23:33 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-13 23:33 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-13 23:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\programdata\AVG Secure Search
    2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\program files\AVG Secure Search
    2011-12-01 03:53 . 2011-12-01 03:23 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-12-01 03:42 . 2011-12-01 03:42 -------- d-----w- c:\programdata\Trend Micro
    2011-12-01 03:32 . 2011-12-01 03:32 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2011-11-30 04:43 . 2011-11-30 04:45 -------- d-----w- c:\programdata\AVG2012
    2011-11-30 02:38 . 2011-11-30 04:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-11-30 00:33 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-30 00:33 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-30 00:33 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-30 00:33 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-30 00:32 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-30 00:32 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-30 00:32 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-30 00:32 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\programdata\AVAST Software
    2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\program files\AVAST Software
    2011-11-30 00:09 . 2011-12-01 13:05 -------- d-----w- c:\program files\Trend Micro
    2011-11-23 21:06 . 2011-11-23 21:06 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-20 21:02 . 2011-11-09 13:20 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-11-12 19:40 . 2009-11-12 19:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2011-12-11 15:33 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2009-12-31 15:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    c:\users\FNAMERE~1\AppData\Local\Temp\knf.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
    "googletalk"="c:\users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [BU]
    "HostManager"="c:\program files\Common Files\AOL\1230828047\ee\AOLSoftware.exe" [2006-09-26 50736]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [BU]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232]
    .
    c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-6-10 2342912]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
    S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
    .
    2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&apn_uid=7B01D6FA-80C1-4DAB-A5B8-1DC6210949C9&apn_ptnrs=GG&apn_sauid=235D3102-95C0-41F7-8F76-684365DD26C4&apn_dtid=YYYYYYB3US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Fname Lname\AppData\Roaming\Move Networks
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-17 15:03
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-12-17 15:06:11
    ComboFix-quarantined-files.txt 2011-12-17 20:05
    .
    Pre-Run: 14,525,272,064 bytes free
    Post-Run: 14,384,193,536 bytes free
    .
    - - End Of File - - BC3ED3A223EAF56712635EB5150C0FA4
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good :)

    Uninstall Ask Toolbar and McAfee Security Scan Plus, typical foistwares.

    Beside AVG I can also see Avast installed.
    I suggest you keep AVG off and keep Avast as your AV program.
    Let me know.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    
    File::
    C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
    c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
    
    Folder::
    c:\programdata\AVG Secure Search
    c:\program files\Common Files\AVG Secure Search
    c:\program files\AVG Secure Search
    c:\programdata\AVG2012
    
    
    Driver::
    vToolbarUpdater
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Trend Micro Client Framework"=-
    "vProt"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Ask toolbar and McAfee Security Scan Plus have been deleted.

    New ComboFix log below...

    ComboFix 11-12-18.01 - Fname Lname 12/18/2011 18:21:36.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1838 [GMT -5:00]
    Running from: c:\users\Fname Lname\Desktop\ComboFix.exe
    Command switches used :: c:\users\Fname Lname\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk"
    "c:\users\Fname Lname\Documents\Documents\Ke43yta.exe"
    "c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AVG Secure Search
    c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    c:\program files\AVG Secure Search\about.gif
    c:\program files\AVG Secure Search\avguidx.dll
    c:\program files\AVG Secure Search\calc.gif
    c:\program files\AVG Secure Search\CleanHistory.gif
    c:\program files\AVG Secure Search\configuration.xml
    c:\program files\AVG Secure Search\current.gif
    c:\program files\AVG Secure Search\Facebook.gif
    c:\program files\AVG Secure Search\favicon.ico
    c:\program files\AVG Secure Search\feedback.gif
    c:\program files\AVG Secure Search\help.gif
    c:\program files\AVG Secure Search\icon18.gif
    c:\program files\AVG Secure Search\iGearedHelper.dll
    c:\program files\AVG Secure Search\labs.gif
    c:\program files\AVG Secure Search\lip.exe
    c:\program files\AVG Secure Search\MigrationTool.exe
    c:\program files\AVG Secure Search\note.gif
    c:\program files\AVG Secure Search\PageStatus.gif
    c:\program files\AVG Secure Search\PostInstall.exe
    c:\program files\AVG Secure Search\radio\bg.gif
    c:\program files\AVG Secure Search\radio\play.gif
    c:\program files\AVG Secure Search\radio\play_hover.gif
    c:\program files\AVG Secure Search\radio\radio.html
    c:\program files\AVG Secure Search\radio\radio.js
    c:\program files\AVG Secure Search\radio\stations.xml
    c:\program files\AVG Secure Search\radio\stop.gif
    c:\program files\AVG Secure Search\radio\stop_hover.gif
    c:\program files\AVG Secure Search\radio\v_minus.gif
    c:\program files\AVG Secure Search\radio\v_minus_1.gif
    c:\program files\AVG Secure Search\radio\v_plus.gif
    c:\program files\AVG Secure Search\radio\v_plus_1.gif
    c:\program files\AVG Secure Search\radio\vol_line_emp.gif
    c:\program files\AVG Secure Search\radio\vol_line_full.gif
    c:\program files\AVG Secure Search\radio\vol_line_half.gif
    c:\program files\AVG Secure Search\remote_configuration.xml
    c:\program files\AVG Secure Search\search.gif
    c:\program files\AVG Secure Search\SecuredSearch.gif
    c:\program files\AVG Secure Search\setup.bmp
    c:\program files\AVG Secure Search\toolbar.zip
    c:\program files\AVG Secure Search\ToolbarBroker.exe
    c:\program files\AVG Secure Search\Uninstall.exe
    c:\program files\AVG Secure Search\vprot.exe
    c:\program files\AVG Secure Search\weather.gif
    c:\program files\AVG Secure Search\windows.gif
    c:\program files\Common Files\AVG Secure Search
    c:\program files\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
    c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
    c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
    c:\program files\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
    c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
    c:\programdata\AVG Secure Search
    c:\programdata\AVG Secure Search\9.0.0.18\chrome.manifest
    c:\programdata\AVG Secure Search\9.0.0.18\chrome\avg.jar
    c:\programdata\AVG Secure Search\9.0.0.18\components\FF4\IToolbarhomewmp.xpt
    c:\programdata\AVG Secure Search\9.0.0.18\components\FF4\toolbarhomewmp.dll
    c:\programdata\AVG Secure Search\9.0.0.18\components\IToolbarhomewmp.xpt
    c:\programdata\AVG Secure Search\9.0.0.18\components\toolbarhomeApi.js
    c:\programdata\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll
    c:\programdata\AVG Secure Search\9.0.0.18\icon.png
    c:\programdata\AVG Secure Search\9.0.0.18\install.rdf
    c:\programdata\AVG Secure Search\9.0.0.18\locale\en-US\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\locale\en-US\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\avg.xml
    c:\programdata\AVG Secure Search\9.0.0.18\modules\avgJsm.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration_0.css
    c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration_0.xul
    c:\programdata\AVG Secure Search\9.0.0.18\modules\EmailNotifier.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\HistoryCleaner.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\IOJsm.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\cs\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\cs\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\da\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\da\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\de\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\de\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\en\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\en\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es-es\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es-es\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\fr\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\fr\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\hu\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\hu\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\id\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\id\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\it\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\it\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ja\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ja\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ko\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ko\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ms\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ms\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\nl\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\nl\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pl\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pl\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt-br\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt-br\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ru\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ru\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sk\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sk\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sr\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sr\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\tr\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\tr\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-cn\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-cn\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-tw\global.dtd
    c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-tw\global.properties
    c:\programdata\AVG Secure Search\9.0.0.18\modules\Preferences.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\propertiesJsm.js
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\about.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\ajax-loader.gif
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\calc.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\CleanHistory.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\close.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\current.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\Facebook.gif
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\feedback.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\feedicon.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\help.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\icon_search.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\icon18.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\information-24.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\labs.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\loader.gif
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\note.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\PageStatus.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\questionmarkIcon.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioBg.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioEqu.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioEqu_on.gif
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioHandle.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioMenuArrow_off.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioMenuArrow_on.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioPlay_off.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioPlay_on.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioStop_off.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioStop_on.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioVol.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioVolBg.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RealLogo.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\search.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\SecuredSearch.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\sliderWhite.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\weather.gif
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\window-close.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\windows.png
    c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\WMPLogo.png
    c:\programdata\AVG2012
    c:\programdata\AVG2012\Cfg\admin.cfg
    c:\programdata\AVG2012\Cfg\changecfgreg.cfg
    c:\programdata\AVG2012\Cfg\csl.cfg
    c:\programdata\AVG2012\Cfg\emssrv.cfg
    c:\programdata\AVG2012\Cfg\erd.cfg
    c:\programdata\AVG2012\Cfg\idp.cfg
    c:\programdata\AVG2012\Cfg\krnl.cfg
    c:\programdata\AVG2012\Cfg\mail.cfg
    c:\programdata\AVG2012\Cfg\mailsrv.cfg
    c:\programdata\AVG2012\Cfg\mailsrvvsapi.cfg
    c:\programdata\AVG2012\Cfg\malrep.cfg
    c:\programdata\AVG2012\Cfg\scan.cfg
    c:\programdata\AVG2012\Cfg\sched.cfg
    c:\programdata\AVG2012\Cfg\setup.cfg
    c:\programdata\AVG2012\Cfg\spsrv.cfg
    c:\programdata\AVG2012\Cfg\update.cfg
    c:\programdata\AVG2012\Cfg\updatecomps.cfg
    c:\programdata\AVG2012\Cfg\user.cfg
    c:\programdata\AVG2012\cfgall\changecfgreg.cfg
    c:\programdata\AVG2012\cfgall\falsealarm.cfg
    c:\programdata\AVG2012\cfgall\krnlall.cfg
    c:\programdata\AVG2012\cfgall\srmall.cfg
    c:\programdata\AVG2012\cfgall\updateall.cfg
    c:\programdata\AVG2012\cfgall\userall.cfg
    c:\programdata\AVG2012\Chjw\1caa3991aa396882.dat
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\025bde27-c082-413c-a8cd-4d34e062aa24
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\1da2db46-530a-4916-97d0-d528365c7a1a
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\92601d74-a65e-4275-8483-d977db2f1a0c
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\a1eca464-8c79-4f01-89c9-c63368989718
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\a7668827-8663-4d4a-a77e-9c38fe859e13
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchff.dat
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchfi.dat
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchmf.dat
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchmi.dat
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\b4140b5c-5952-4104-b17b-4312dad27c19
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\ccbf797e-0c2d-4322-bf61-9b2ef1f8526d
    c:\programdata\AVG2012\Chjw\1caa3991aa396882\d4937825-fb40-4b47-812b-974de7339525
    c:\programdata\AVG2012\Chjw\2c420be0420bada0.dat
    c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchff.dat
    c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchfi.dat
    c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchmf.dat
    c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchmi.dat
    c:\programdata\AVG2012\IDS\config\md5Cache.dat
    c:\programdata\AVG2012\IDS\config\quarantinedList.zip
    c:\programdata\AVG2012\IDS\config\userList.zip
    c:\programdata\AVG2012\log\arklog.cfg
    c:\programdata\AVG2012\log\avgcfg.log
    c:\programdata\AVG2012\log\avgcfg.log.lock
    c:\programdata\AVG2012\log\avgcfgex.log
    c:\programdata\AVG2012\log\avgcfgex.log.lock
    c:\programdata\AVG2012\log\avgchjw.log
    c:\programdata\AVG2012\log\avgchjw.log.1
    c:\programdata\AVG2012\log\avgchjw.log.10
    c:\programdata\AVG2012\log\avgchjw.log.2
    c:\programdata\AVG2012\log\avgchjw.log.3
    c:\programdata\AVG2012\log\avgchjw.log.4
    c:\programdata\AVG2012\log\avgchjw.log.5
    c:\programdata\AVG2012\log\avgchjw.log.6
    c:\programdata\AVG2012\log\avgchjw.log.7
    c:\programdata\AVG2012\log\avgchjw.log.8
    c:\programdata\AVG2012\log\avgchjw.log.9
    c:\programdata\AVG2012\log\avgchjw.log.lock
    c:\programdata\AVG2012\log\avgchjwsrv.log
    c:\programdata\AVG2012\log\avgchjwsrv.log.1
    c:\programdata\AVG2012\log\avgchjwsrv.log.10
    c:\programdata\AVG2012\log\avgchjwsrv.log.2
    c:\programdata\AVG2012\log\avgchjwsrv.log.3
    c:\programdata\AVG2012\log\avgchjwsrv.log.4
    c:\programdata\AVG2012\log\avgchjwsrv.log.5
    c:\programdata\AVG2012\log\avgchjwsrv.log.6
    c:\programdata\AVG2012\log\avgchjwsrv.log.7
    c:\programdata\AVG2012\log\avgchjwsrv.log.8
    c:\programdata\AVG2012\log\avgchjwsrv.log.9
    c:\programdata\AVG2012\log\avgchjwsrv.log.lock
    c:\programdata\AVG2012\log\avgcore.log
    c:\programdata\AVG2012\log\avgcore.log.1
    c:\programdata\AVG2012\log\avgcore.log.10
    c:\programdata\AVG2012\log\avgcore.log.2
    c:\programdata\AVG2012\log\avgcore.log.3
    c:\programdata\AVG2012\log\avgcore.log.4
    c:\programdata\AVG2012\log\avgcore.log.5
    c:\programdata\AVG2012\log\avgcore.log.6
    c:\programdata\AVG2012\log\avgcore.log.7
    c:\programdata\AVG2012\log\avgcore.log.8
    c:\programdata\AVG2012\log\avgcore.log.9
    c:\programdata\AVG2012\log\avgcore.log.lock
    c:\programdata\AVG2012\log\avgcsl.log
    c:\programdata\AVG2012\log\avgcsl.log.1
    c:\programdata\AVG2012\log\avgcsl.log.2
    c:\programdata\AVG2012\log\avgcsl.log.lock
    c:\programdata\AVG2012\log\avgdiagex.log
    c:\programdata\AVG2012\log\avgdiagex.log.lock
    c:\programdata\AVG2012\log\avgemc.log
    c:\programdata\AVG2012\log\avgemc.log.1
    c:\programdata\AVG2012\log\avgemc.log.2
    c:\programdata\AVG2012\log\avgemc.log.3
    c:\programdata\AVG2012\log\avgemc.log.4
    c:\programdata\AVG2012\log\avgemc.log.lock
    c:\programdata\AVG2012\log\avgexc.log
    c:\programdata\AVG2012\log\avgexc.log.lock
    c:\programdata\AVG2012\log\avgldr.log
    c:\programdata\AVG2012\log\avgldr.log.1
    c:\programdata\AVG2012\log\avgldr.log.2
    c:\programdata\AVG2012\log\avgldr.log.lock
    c:\programdata\AVG2012\log\avglng.log
    c:\programdata\AVG2012\log\avglng.log.1
    c:\programdata\AVG2012\log\avglng.log.lock
    c:\programdata\AVG2012\log\avgmail.cfg
    c:\programdata\AVG2012\log\avgns.log
    c:\programdata\AVG2012\log\avgns.log.1
    c:\programdata\AVG2012\log\avgns.log.10
    c:\programdata\AVG2012\log\avgns.log.2
    c:\programdata\AVG2012\log\avgns.log.3
    c:\programdata\AVG2012\log\avgns.log.4
    c:\programdata\AVG2012\log\avgns.log.5
    c:\programdata\AVG2012\log\avgns.log.6
    c:\programdata\AVG2012\log\avgns.log.7
    c:\programdata\AVG2012\log\avgns.log.8
    c:\programdata\AVG2012\log\avgns.log.9
    c:\programdata\AVG2012\log\avgns.log.lock
    c:\programdata\AVG2012\log\avgpostinst.log
    c:\programdata\AVG2012\log\avgpostinst.log.lock
    c:\programdata\AVG2012\log\avgrs.log
    c:\programdata\AVG2012\log\avgrs.log.1
    c:\programdata\AVG2012\log\avgrs.log.10
    c:\programdata\AVG2012\log\avgrs.log.2
    c:\programdata\AVG2012\log\avgrs.log.3
    c:\programdata\AVG2012\log\avgrs.log.4
    c:\programdata\AVG2012\log\avgrs.log.5
    c:\programdata\AVG2012\log\avgrs.log.6
    c:\programdata\AVG2012\log\avgrs.log.7
    c:\programdata\AVG2012\log\avgrs.log.8
    c:\programdata\AVG2012\log\avgrs.log.9
    c:\programdata\AVG2012\log\avgrs.log.lock
    c:\programdata\AVG2012\log\avgscan.log
    c:\programdata\AVG2012\log\avgscan.log.1
    c:\programdata\AVG2012\log\avgscan.log.10
    c:\programdata\AVG2012\log\avgscan.log.2
    c:\programdata\AVG2012\log\avgscan.log.3
    c:\programdata\AVG2012\log\avgscan.log.4
    c:\programdata\AVG2012\log\avgscan.log.5
    c:\programdata\AVG2012\log\avgscan.log.6
    c:\programdata\AVG2012\log\avgscan.log.7
    c:\programdata\AVG2012\log\avgscan.log.8
    c:\programdata\AVG2012\log\avgscan.log.9
    c:\programdata\AVG2012\log\avgscan.log.lock
    c:\programdata\AVG2012\log\avgsched.log
    c:\programdata\AVG2012\log\avgsched.log.1
    c:\programdata\AVG2012\log\avgsched.log.10
    c:\programdata\AVG2012\log\avgsched.log.2
    c:\programdata\AVG2012\log\avgsched.log.3
    c:\programdata\AVG2012\log\avgsched.log.4
    c:\programdata\AVG2012\log\avgsched.log.5
    c:\programdata\AVG2012\log\avgsched.log.6
    c:\programdata\AVG2012\log\avgsched.log.7
    c:\programdata\AVG2012\log\avgsched.log.8
    c:\programdata\AVG2012\log\avgsched.log.9
    c:\programdata\AVG2012\log\avgsched.log.lock
    c:\programdata\AVG2012\log\avgsrm.log
    c:\programdata\AVG2012\log\avgsrm.log.1
    c:\programdata\AVG2012\log\avgsrm.log.2
    c:\programdata\AVG2012\log\avgsrm.log.3
    c:\programdata\AVG2012\log\avgsrm.log.4
    c:\programdata\AVG2012\log\avgsrm.log.5
    c:\programdata\AVG2012\log\avgsrm.log.6
    c:\programdata\AVG2012\log\avgsrm.log.7
    c:\programdata\AVG2012\log\avgsrm.log.8
    c:\programdata\AVG2012\log\avgsrm.log.lock
    c:\programdata\AVG2012\log\avgsrmac.log
    c:\programdata\AVG2012\log\avgsrmac.log.1
    c:\programdata\AVG2012\log\avgsrmac.log.2
    c:\programdata\AVG2012\log\avgsrmac.log.lock
    c:\programdata\AVG2012\log\avgtbapi.cfg
    c:\programdata\AVG2012\log\avgtbapi.log.lock
    c:\programdata\AVG2012\log\avgtdi.log
    c:\programdata\AVG2012\log\avgtdi.log.1
    c:\programdata\AVG2012\log\avgtdi.log.lock
    c:\programdata\AVG2012\log\avgual.2011-11-29.log
    c:\programdata\AVG2012\log\avgual.log
    c:\programdata\AVG2012\log\avgual.log.lock
    c:\programdata\AVG2012\log\avgui.log
    c:\programdata\AVG2012\log\avgui.log.1
    c:\programdata\AVG2012\log\avgui.log.10
    c:\programdata\AVG2012\log\avgui.log.2
    c:\programdata\AVG2012\log\avgui.log.3
    c:\programdata\AVG2012\log\avgui.log.4
    c:\programdata\AVG2012\log\avgui.log.5
    c:\programdata\AVG2012\log\avgui.log.6
    c:\programdata\AVG2012\log\avgui.log.7
    c:\programdata\AVG2012\log\avgui.log.8
    c:\programdata\AVG2012\log\avgui.log.9
    c:\programdata\AVG2012\log\avgui.log.lock
    c:\programdata\AVG2012\log\avguidraw.log
    c:\programdata\AVG2012\log\avguidraw.log.1
    c:\programdata\AVG2012\log\avguidraw.log.lock
    c:\programdata\AVG2012\log\avguilog.cfg
    c:\programdata\AVG2012\log\avgupd.log
    c:\programdata\AVG2012\log\avgupd.log.1
    c:\programdata\AVG2012\log\avgupd.log.2
    c:\programdata\AVG2012\log\avgupd.log.lock
    c:\programdata\AVG2012\log\avgupdm.log
    c:\programdata\AVG2012\log\avgwd.log
    c:\programdata\AVG2012\log\avgwd.log.1
    c:\programdata\AVG2012\log\avgwd.log.10
    c:\programdata\AVG2012\log\avgwd.log.2
    c:\programdata\AVG2012\log\avgwd.log.3
    c:\programdata\AVG2012\log\avgwd.log.4
    c:\programdata\AVG2012\log\avgwd.log.5
    c:\programdata\AVG2012\log\avgwd.log.6
    c:\programdata\AVG2012\log\avgwd.log.7
    c:\programdata\AVG2012\log\avgwd.log.8
    c:\programdata\AVG2012\log\avgwd.log.9
    c:\programdata\AVG2012\log\avgwd.log.lock
    c:\programdata\AVG2012\log\avgwdsvc.log
    c:\programdata\AVG2012\log\avgwdsvc.log.1
    c:\programdata\AVG2012\log\avgwdsvc.log.2
    c:\programdata\AVG2012\log\avgwdsvc.log.3
    c:\programdata\AVG2012\log\avgwdsvc.log.4
    c:\programdata\AVG2012\log\avgwdsvc.log.5
    c:\programdata\AVG2012\log\avgwdsvc.log.6
    c:\programdata\AVG2012\log\avgwdsvc.log.7
    c:\programdata\AVG2012\log\avgwdsvc.log.lock
    c:\programdata\AVG2012\log\cfgexlog.cfg
    c:\programdata\AVG2012\log\cfglog.cfg
    c:\programdata\AVG2012\log\chjwlog.cfg
    c:\programdata\AVG2012\log\commonpriv.log
    c:\programdata\AVG2012\log\commonpriv.log.1
    c:\programdata\AVG2012\log\commonpriv.log.10
    c:\programdata\AVG2012\log\commonpriv.log.2
    c:\programdata\AVG2012\log\commonpriv.log.3
    c:\programdata\AVG2012\log\commonpriv.log.4
    c:\programdata\AVG2012\log\commonpriv.log.5
    c:\programdata\AVG2012\log\commonpriv.log.6
    c:\programdata\AVG2012\log\commonpriv.log.7
    c:\programdata\AVG2012\log\commonpriv.log.8
    c:\programdata\AVG2012\log\commonpriv.log.9
    c:\programdata\AVG2012\log\commonpriv.log.lock
    c:\programdata\AVG2012\log\corelog.cfg
    c:\programdata\AVG2012\log\csllog.cfg
    c:\programdata\AVG2012\log\emclog.cfg
    c:\programdata\AVG2012\log\fixcfg.log
    c:\programdata\AVG2012\log\fixcfg.log.1
    c:\programdata\AVG2012\log\fixcfg.log.lock
    c:\programdata\AVG2012\log\history.xml
    c:\programdata\AVG2012\log\ldrlog.cfg
    c:\programdata\AVG2012\log\lnglog.cfg
    c:\programdata\AVG2012\log\lscanlog.cfg
    c:\programdata\AVG2012\log\nslog.cfg
    c:\programdata\AVG2012\log\privlog.cfg
    c:\programdata\AVG2012\log\publog.cfg
    c:\programdata\AVG2012\log\rslog.cfg
    c:\programdata\AVG2012\log\scanlog.cfg
    c:\programdata\AVG2012\log\schedlog.cfg
    c:\programdata\AVG2012\log\srmlog.cfg
    c:\programdata\AVG2012\log\tdilog.cfg
    c:\programdata\AVG2012\log\updlog.cfg
    c:\programdata\AVG2012\log\vault.log
    c:\programdata\AVG2012\log\vault.log.1
    c:\programdata\AVG2012\log\vault.log.2
    c:\programdata\AVG2012\log\vault.log.3
    c:\programdata\AVG2012\log\vault.log.4
    c:\programdata\AVG2012\log\vault.log.5
    c:\programdata\AVG2012\log\vault.log.lock
    c:\programdata\AVG2012\log\vaultlog.cfg
    c:\programdata\AVG2012\log\wdlog.cfg
    c:\programdata\AVG2012\log\wdsvclog.cfg
    c:\programdata\AVG2012\lsdb\prev\prvcache.dat
    c:\programdata\AVG2012\lsdb\prev\prvglbl.dat
    c:\programdata\AVG2012\scanlogs\I_00000001.log
    c:\programdata\AVG2012\scanlogs\I_00000003.log
    c:\programdata\AVG2012\scanlogs\I_00000004.log
    c:\programdata\AVG2012\scanlogs\I_00000005.log
    c:\programdata\AVG2012\scanlogs\I_00000006.log
    c:\programdata\AVG2012\scanlogs\I_00000007.log
    c:\programdata\AVG2012\scanlogs\I_00000008.log
    c:\programdata\AVG2012\scanlogs\I_00000009.log
    c:\programdata\AVG2012\scanlogs\I_00000010.log
    c:\programdata\AVG2012\scanlogs\I_00000011.log
    c:\programdata\AVG2012\scanlogs\I_00000012.log
    c:\programdata\AVG2012\scanlogs\I_00000013.log
    c:\programdata\AVG2012\scanlogs\I_00000014.log
    c:\programdata\AVG2012\scanlogs\I_00000015.log
    c:\programdata\AVG2012\scanlogs\I_00000016.log
    c:\programdata\AVG2012\scanlogs\I_00000017.log
    c:\programdata\AVG2012\scanlogs\I_00000018.log
    c:\programdata\AVG2012\scanlogs\I_00000019.log
    c:\programdata\AVG2012\scanlogs\I_00000020.log
    c:\programdata\AVG2012\scanlogs\I_00000021.log
    c:\programdata\AVG2012\scanlogs\I_00000022.log
    c:\programdata\AVG2012\scanlogs\I_00000023.log
    c:\programdata\AVG2012\scanlogs\I_00000024.log
    c:\programdata\AVG2012\scanlogs\I_00000025.log
    c:\programdata\AVG2012\scanlogs\I_00000026.log
    c:\programdata\AVG2012\scanlogs\I_00000027.log
    c:\programdata\AVG2012\scanlogs\I_00000028.log
    c:\programdata\AVG2012\scanlogs\I_00000029.log
    c:\programdata\AVG2012\scanlogs\I_00000030.log
    c:\programdata\AVG2012\scanlogs\I_00000031.log
    c:\programdata\AVG2012\scanlogs\I_00000032.log
    c:\programdata\AVG2012\scanlogs\I_00000033.log
    c:\programdata\AVG2012\scanlogs\I_00000034.log
    c:\programdata\AVG2012\scanlogs\I_00000035.log
    c:\programdata\AVG2012\scanlogs\I_00000036.log
    c:\programdata\AVG2012\scanlogs\I_00000037.log
    c:\programdata\AVG2012\scanlogs\I_00000038.log
    c:\programdata\AVG2012\scanlogs\I_00000039.log
    c:\programdata\AVG2012\scanlogs\I_00000040.log
    c:\programdata\AVG2012\scanlogs\I_00000041.log
    c:\programdata\AVG2012\scanlogs\I_00000042.log
    c:\programdata\AVG2012\scanlogs\I_00000043.log
    c:\programdata\AVG2012\scanlogs\I_00000044.log
    c:\programdata\AVG2012\scanlogs\I_00000045.log
    c:\programdata\AVG2012\scanlogs\I_00000046.log
    c:\programdata\AVG2012\scanlogs\I_00000047.log
    c:\programdata\AVG2012\scanlogs\I_00000048.log
    c:\programdata\AVG2012\scanlogs\I_00000049.log
    c:\programdata\AVG2012\scanlogs\I_00000050.log
    c:\programdata\AVG2012\scanlogs\I_00000051.log
    c:\programdata\AVG2012\scanlogs\I_00000052.log
    c:\programdata\AVG2012\scanlogs\I_00000053.log
    c:\programdata\AVG2012\scanlogs\I_00000054.log
    c:\programdata\AVG2012\scanlogs\I_00000055.log
    c:\programdata\AVG2012\scanlogs\I_00000056.log
    c:\programdata\AVG2012\scanlogs\I_00000057.log
    c:\programdata\AVG2012\scanlogs\I_00000058.log
    c:\programdata\AVG2012\scanlogs\I_00000059.log
    c:\programdata\AVG2012\scanlogs\I_00000060.log
    c:\programdata\AVG2012\scanlogs\I_00000061.log
    c:\programdata\AVG2012\scanlogs\I_00000062.log
    c:\programdata\AVG2012\scanlogs\I_00000063.log
    c:\programdata\AVG2012\scanlogs\I_00000064.log
    c:\programdata\AVG2012\scanlogs\I_00000065.log
    c:\programdata\AVG2012\scanlogs\I_00000066.log
    c:\programdata\AVG2012\scanlogs\I_00000067.log
    c:\programdata\AVG2012\scanlogs\I_00000068.log
    c:\programdata\AVG2012\scanlogs\I_00000069.log
    c:\programdata\AVG2012\scanlogs\I_00000070.log
    c:\programdata\AVG2012\scanlogs\I_00000071.log
    c:\programdata\AVG2012\scanlogs\I_00000072.log
    c:\programdata\AVG2012\scanlogs\I_00000073.log
    c:\programdata\AVG2012\scanlogs\I_00000074.log
    c:\programdata\AVG2012\scanlogs\I_00000075.log
    c:\programdata\AVG2012\scanlogs\I_00000076.log
    c:\programdata\AVG2012\scanlogs\I_00000077.log
    c:\programdata\AVG2012\scanlogs\I_00000078.log
    c:\programdata\AVG2012\scanlogs\I_00000079.log
    c:\programdata\AVG2012\scanlogs\I_00000080.log
    c:\programdata\AVG2012\scanlogs\I_00000081.log
    c:\programdata\AVG2012\scanlogs\I_00000082.log
    c:\programdata\AVG2012\scanlogs\I_00000083.log
    c:\programdata\AVG2012\scanlogs\I_00000084.log
    c:\programdata\AVG2012\scanlogs\I_00000085.log
    c:\programdata\AVG2012\scanlogs\I_00000086.log
    c:\programdata\AVG2012\scanlogs\I_00000087.log
    c:\programdata\AVG2012\scanlogs\I_00000088.log
    c:\programdata\AVG2012\scanlogs\I_00000089.log
    c:\programdata\AVG2012\scanlogs\I_00000090.log
    c:\programdata\AVG2012\scanlogs\I_00000091.log
    c:\programdata\AVG2012\scanlogs\I_00000092.log
    c:\programdata\AVG2012\scanlogs\I_00000093.log
    c:\programdata\AVG2012\scanlogs\I_00000094.log
    c:\programdata\AVG2012\scanlogs\I_00000095.log
    c:\programdata\AVG2012\scanlogs\I_00000096.log
    c:\programdata\AVG2012\scanlogs\I_00000097.log
    c:\programdata\AVG2012\scanlogs\I_00000098.log
    c:\programdata\AVG2012\scanlogs\I_00000099.log
    c:\programdata\AVG2012\scanlogs\I_00000100.log
    c:\programdata\AVG2012\scanlogs\I_00000101.log
    c:\programdata\AVG2012\scanlogs\I_00000102.log
    c:\programdata\AVG2012\scanlogs\I_00000103.log
    c:\programdata\AVG2012\scanlogs\I_00000104.log
    c:\programdata\AVG2012\scanlogs\I_00000105.log
    c:\programdata\AVG2012\scanlogs\I_00000106.log
    c:\programdata\AVG2012\scanlogs\I_00000107.log
    c:\programdata\AVG2012\scanlogs\I_00000108.log
    c:\programdata\AVG2012\scanlogs\I_00000109.log
    c:\programdata\AVG2012\scanlogs\I_00000110.log
    c:\programdata\AVG2012\scanlogs\I_00000111.log
    c:\programdata\AVG2012\scanlogs\I_00000112.log
    c:\programdata\AVG2012\scanlogs\I_00000113.log
    c:\programdata\AVG2012\scanlogs\I_00000114.log
    c:\programdata\AVG2012\scanlogs\I_00000115.log
    c:\programdata\AVG2012\scanlogs\I_00000116.log
    c:\programdata\AVG2012\scanlogs\I_00000117.log
    c:\programdata\AVG2012\scanlogs\I_00000118.log
    c:\programdata\AVG2012\scanlogs\I_00000119.log
    c:\programdata\AVG2012\scanlogs\I_00000120.log
    c:\programdata\AVG2012\scanlogs\I_00000121.log
    c:\programdata\AVG2012\scanlogs\I_00000122.log
    c:\programdata\AVG2012\scanlogs\I_00000123.log
    c:\programdata\AVG2012\scanlogs\I_00000124.log
    c:\programdata\AVG2012\scanlogs\I_00000125.log
    c:\programdata\AVG2012\scanlogs\I_00000126.log
    c:\programdata\AVG2012\scanlogs\I_00000127.log
    c:\programdata\AVG2012\scanlogs\I_00000128.log
    c:\programdata\AVG2012\scanlogs\I_00000129.log
    c:\programdata\AVG2012\scanlogs\I_00000130.log
    c:\programdata\AVG2012\scanlogs\I_00000131.log
    c:\programdata\AVG2012\scanlogs\I_00000132.log
    c:\programdata\AVG2012\scanlogs\I_00000133.log
    c:\programdata\AVG2012\scanlogs\I_00000134.log
    c:\programdata\AVG2012\scanlogs\I_00000135.log
    c:\programdata\AVG2012\scanlogs\I_00000136.log
    c:\programdata\AVG2012\scanlogs\I_00000137.log
    c:\programdata\AVG2012\scanlogs\I_00000138.log
    c:\programdata\AVG2012\scanlogs\I_00000139.log
    c:\programdata\AVG2012\scanlogs\I_00000140.log
    c:\programdata\AVG2012\scanlogs\I_00000141.log
    c:\programdata\AVG2012\scanlogs\I_00000142.log
    c:\programdata\AVG2012\scanlogs\I_00000143.log
    c:\programdata\AVG2012\scanlogs\I_00000144.log
    c:\programdata\AVG2012\scanlogs\I_00000145.log
    c:\programdata\AVG2012\scanlogs\I_00000146.log
    c:\programdata\AVG2012\scanlogs\I_00000147.log
    c:\programdata\AVG2012\scanlogs\I_00000148.log
    c:\programdata\AVG2012\scanlogs\I_00000149.log
    c:\programdata\AVG2012\scanlogs\I_00000150.log
    c:\programdata\AVG2012\scanlogs\I_00000151.log
    c:\programdata\AVG2012\scanlogs\I_00000152.log
    c:\programdata\AVG2012\scanlogs\I_00000153.log
    c:\programdata\AVG2012\scanlogs\I_00000154.log
    c:\programdata\AVG2012\scanlogs\I_00000155.log
    c:\programdata\AVG2012\scanlogs\I_00000156.log
    c:\programdata\AVG2012\scanlogs\I_00000157.log
    c:\programdata\AVG2012\scanlogs\I_00000158.log
    c:\programdata\AVG2012\scanlogs\I_00000159.log
    c:\programdata\AVG2012\scanlogs\I_00000160.log
    c:\programdata\AVG2012\scanlogs\I_00000161.log
    c:\programdata\AVG2012\scanlogs\I_00000162.log
    c:\programdata\AVG2012\scanlogs\I_00000163.log
    c:\programdata\AVG2012\scanlogs\I_00000164.log
    c:\programdata\AVG2012\scanlogs\I_00000165.log
    c:\programdata\AVG2012\scanlogs\I_00000166.log
    c:\programdata\AVG2012\scanlogs\I_00000167.log
    c:\programdata\AVG2012\scanlogs\I_00000168.log
    c:\programdata\AVG2012\scanlogs\I_00000169.log
    c:\programdata\AVG2012\scanlogs\I_00000170.log
    c:\programdata\AVG2012\scanlogs\I_00000171.log
    c:\programdata\AVG2012\scanlogs\I_00000172.log
    c:\programdata\AVG2012\scanlogs\I_00000173.log
    c:\programdata\AVG2012\scanlogs\I_00000174.log
    c:\programdata\AVG2012\scanlogs\I_00000175.log
    c:\programdata\AVG2012\scanlogs\I_00000176.log
    c:\programdata\AVG2012\scanlogs\I_00000177.log
    c:\programdata\AVG2012\scanlogs\I_00000178.log
    c:\programdata\AVG2012\scanlogs\I_00000179.log
    c:\programdata\AVG2012\scanlogs\I_00000180.log
    c:\programdata\AVG2012\scanlogs\I_00000181.log
    c:\programdata\AVG2012\scanlogs\I_00000182.log
    c:\programdata\AVG2012\scanlogs\I_00000183.log
    c:\programdata\AVG2012\scanlogs\I_00000184.log
    c:\programdata\AVG2012\scanlogs\I_00000185.log
    c:\programdata\AVG2012\scanlogs\I_00000186.log
    c:\programdata\AVG2012\scanlogs\I_00000187.log
    c:\programdata\AVG2012\scanlogs\I_00000188.log
    c:\programdata\AVG2012\scanlogs\I_00000189.log
    c:\programdata\AVG2012\scanlogs\I_00000190.log
    c:\programdata\AVG2012\scanlogs\I_00000191.log
    c:\programdata\AVG2012\scanlogs\I_00000192.log
    c:\programdata\AVG2012\scanlogs\I_00000193.log
    c:\programdata\AVG2012\scanlogs\I_00000194.log
    c:\programdata\AVG2012\scanlogs\I_00000195.log
    c:\programdata\AVG2012\scanlogs\I_00000196.log
    c:\programdata\AVG2012\scanlogs\I_00000197.log
    c:\programdata\AVG2012\scanlogs\I_00000198.log
    c:\programdata\AVG2012\scanlogs\I_00000199.log
    c:\programdata\AVG2012\scanlogs\I_00000200.log
    c:\programdata\AVG2012\scanlogs\I_00000201.log
    c:\programdata\AVG2012\scanlogs\I_00000202.log
    c:\programdata\AVG2012\scanlogs\I_00000203.log
    c:\programdata\AVG2012\scanlogs\I_00000204.log
    c:\programdata\AVG2012\scanlogs\I_00000205.log
    c:\programdata\AVG2012\scanlogs\I_00000206.log
    c:\programdata\AVG2012\scanlogs\I_00000207.log
    c:\programdata\AVG2012\scanlogs\I_00000208.log
    c:\programdata\AVG2012\scanlogs\I_00000209.log
    c:\programdata\AVG2012\scanlogs\I_00000210.log
    c:\programdata\AVG2012\scanlogs\I_00000211.log
    c:\programdata\AVG2012\scanlogs\I_00000212.log
    c:\programdata\AVG2012\scanlogs\I_00000213.log
    c:\programdata\AVG2012\scanlogs\I_00000214.log
    c:\programdata\AVG2012\scanlogs\I_00000215.log
    c:\programdata\AVG2012\scanlogs\I_00000216.log
    c:\programdata\AVG2012\scanlogs\I_00000217.log
    c:\programdata\AVG2012\scanlogs\I_00000218.log
    c:\programdata\AVG2012\scanlogs\I_00000219.log
    c:\programdata\AVG2012\scanlogs\I_00000220.log
    c:\programdata\AVG2012\scanlogs\I_00000221.log
    c:\programdata\AVG2012\scanlogs\I_00000222.log
    c:\programdata\AVG2012\scanlogs\I_00000223.log
    c:\programdata\AVG2012\scanlogs\I_00000224.log
    c:\programdata\AVG2012\scanlogs\I_00000225.log
    c:\programdata\AVG2012\scanlogs\I_00000226.log
    c:\programdata\AVG2012\scanlogs\I_00000227.log
    c:\programdata\AVG2012\scanlogs\I_00000228.log
    c:\programdata\AVG2012\scanlogs\I_00000229.log
    c:\programdata\AVG2012\scanlogs\I_00000230.log
    c:\programdata\AVG2012\scanlogs\I_00000231.log
    c:\programdata\AVG2012\scanlogs\I_00000232.log
    c:\programdata\AVG2012\scanlogs\I_00000233.log
    c:\programdata\AVG2012\scanlogs\I_00000234.log
    c:\programdata\AVG2012\scanlogs\I_00000235.log
    c:\programdata\AVG2012\scanlogs\I_00000236.log
    c:\programdata\AVG2012\scanlogs\I_00000237.log
    c:\programdata\AVG2012\scanlogs\I_00000238.log
    c:\programdata\AVG2012\scanlogs\I_00000239.log
    c:\programdata\AVG2012\scanlogs\I_00000240.log
    c:\programdata\AVG2012\scanlogs\I_00000241.log
    c:\programdata\AVG2012\scanlogs\I_00000242.log
    c:\programdata\AVG2012\scanlogs\I_00000243.log
    c:\programdata\AVG2012\scanlogs\I_00000244.log
    c:\programdata\AVG2012\scanlogs\I_00000245.log
    c:\programdata\AVG2012\scanlogs\I_00000246.log
    c:\programdata\AVG2012\scanlogs\I_00000247.log
    c:\programdata\AVG2012\scanlogs\I_00000248.log
    c:\programdata\AVG2012\scanlogs\I_00000249.log
    c:\programdata\AVG2012\scanlogs\I_00000250.log
    c:\programdata\AVG2012\scanlogs\I_00000251.log
    c:\programdata\AVG2012\scanlogs\I_00000252.log
    c:\programdata\AVG2012\scanlogs\I_00000253.log
    c:\programdata\AVG2012\scanlogs\I_00000254.log
    c:\programdata\AVG2012\scanlogs\I_00000255.log
    c:\programdata\AVG2012\scanlogs\I_00000256.log
    c:\programdata\AVG2012\scanlogs\I_00000257.log
    c:\programdata\AVG2012\scanlogs\I_00000258.log
    c:\programdata\AVG2012\scanlogs\I_00000259.log
    c:\programdata\AVG2012\scanlogs\I_00000260.log
    c:\programdata\AVG2012\scanlogs\I_00000261.log
    c:\programdata\AVG2012\scanlogs\I_00000262.log
    c:\programdata\AVG2012\scanlogs\I_00000263.log
    c:\programdata\AVG2012\scanlogs\I_00000264.log
    c:\programdata\AVG2012\scanlogs\I_00000265.log
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_vToolbarUpdater
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-18 23:37 . 2011-12-18 23:43 -------- d-----w- c:\users\Fname Lname\AppData\Local\temp
    2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-17 16:33 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-12-14 14:56 . 2011-12-14 14:56 -------- d-----w- c:\programdata\WindowsSearch
    2011-12-13 23:33 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-13 23:33 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-13 23:33 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-13 23:33 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-13 23:33 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-13 23:33 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-13 23:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-01 03:53 . 2011-12-01 03:23 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-12-01 03:42 . 2011-12-01 03:42 -------- d-----w- c:\programdata\Trend Micro
    2011-12-01 03:32 . 2011-12-01 03:32 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
    2011-11-30 02:38 . 2011-11-30 04:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-11-30 00:33 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-30 00:33 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-30 00:33 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-30 00:33 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-30 00:32 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-30 00:32 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-30 00:32 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-30 00:32 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\programdata\AVAST Software
    2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\program files\AVAST Software
    2011-11-30 00:09 . 2011-12-01 13:05 -------- d-----w- c:\program files\Trend Micro
    2011-11-23 21:06 . 2011-11-23 21:06 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-20 21:02 . 2011-11-09 13:20 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-11-12 19:40 . 2009-11-12 19:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2009-12-31 15:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    c:\users\FNAMERE~1\AppData\Local\Temp\knf.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
    "googletalk"="c:\users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [BU]
    "HostManager"="c:\program files\Common Files\AOL\1230828047\ee\AOLSoftware.exe" [2006-09-26 50736]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
    R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
    .
    2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    FF - ProfilePath - c:\users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Fname Lname\AppData\Roaming\Move Networks
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
     
  14. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Cont'd...

    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\sttray.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\windows\ehome\mcupdate.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-12-18 18:50:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-18 23:49
    ComboFix2.txt 2011-12-17 20:06
    .
    Pre-Run: 14,375,690,240 bytes free
    Post-Run: 14,103,633,920 bytes free
    .
    - - End Of File - - D47781FFB149C3A5A6402B1EAB3740D5
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good :)

    I made a typo in my previous reply.
    I meant you keep AVG uninstalled and you use Avast as your AV program.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Computer is running fine.

    OTL.txt log...

    OTL logfile created on: 12/18/2011 7:31:59 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fname Lname\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
    6.18 Gb Paging File | 5.02 Gb Available in Paging File | 81.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 13.18 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

    Computer Name: FNAMELNAME-PC | User Name: Fname Lname | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/11/12 18:34:37 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    PRC - [2007/09/06 21:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
    PRC - [2007/07/12 18:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/07/12 18:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/12 18:34:38 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
    MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/06/13 19:59:05 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2009/11/10 15:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2008/12/18 12:38:22 | 002,490,368 | ---- | M] () -- C:\Program Files\Common Files\Common Share\Filters\FFDShow\ffdshow.ax
    MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-110309-193829)
    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/07/12 18:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/11/30 22:23:25 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/10/26 15:47:28 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDisMP)
    DRV - [2010/10/26 15:47:28 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDis)
    DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008/02/29 03:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/09/06 21:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/04/29 17:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/02/16 02:18:38 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb01ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067&Keywords={searchTerms}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5319
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
    FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Fname Lname\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Fname Lname\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/19 21:57:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/19 21:57:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/13 22:29:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 22:27:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/12 18:34:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Fname Lname\AppData\Roaming\Move Networks [2009/10/22 18:57:08 | 000,000,000 | ---D | M]

    [2009/01/09 14:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Extensions
    [2011/12/18 18:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions
    [2009/08/08 23:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/19 23:31:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/09/06 10:48:11 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2010/03/12 19:06:30 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    [2010/09/30 07:08:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/03/04 22:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/06/16 21:04:48 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\gamebox@toolbar
    [2011/03/04 22:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\staged-xpis
    [2010/03/12 19:07:05 | 000,002,267 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\aim-search.xml
    [2011/02/23 19:38:49 | 000,002,567 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml
    [2010/01/20 11:19:10 | 000,000,923 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\conduit.xml
    [2011/11/29 23:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/15 20:58:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/12 19:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 19:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/24 18:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/05 18:40:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/11 10:33:02 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Fname Lname\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Fname Lname\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
    CHR - Extension: DivX HiQ = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: avast! WebRep = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: Poppit = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

    O1 HOSTS File: ([2011/12/18 18:42:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [googletalk] C:\Users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Fname Lname\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Fname Lname\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  17. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    OTL.txt cont'd...

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/18 19:29:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
    [2011/12/18 18:50:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/12/18 18:50:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\temp
    [2011/12/18 18:42:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/12/17 09:12:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F0481BE8-D586-40AF-AE2C-8DB2CEC85FAE}
    [2011/12/17 09:09:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EEFD7FE5-F457-4C42-A277-C9A99B27E71B}
    [2011/12/16 23:52:52 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5DB9C2D2-C884-40D6-ACB7-E59DBC6790F5}
    [2011/12/16 23:45:27 | 004,343,835 | R--- | C] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
    [2011/12/16 23:39:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{871E3265-F494-49CA-8E5F-CF46589D10E8}
    [2011/12/16 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CE3FFB42-953A-4132-8E4B-30FE3857F381}
    [2011/12/16 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D9B59AE6-3278-4795-B63F-98288E3A00BF}
    [2011/12/16 22:43:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/12/16 22:43:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/12/16 22:43:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/12/16 22:39:51 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{03306ABB-B957-4D0B-A4AA-978844CF80EE}
    [2011/12/16 22:39:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{78A275ED-C99C-4013-8951-CC62D753E519}
    [2011/12/16 22:22:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/12/16 22:21:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/16 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E51F10CE-AACE-47E8-B2FC-4DE870118458}
    [2011/12/16 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{456BDD91-4634-475C-BD3F-7C610E5D408B}
    [2011/12/16 20:30:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B6B8EB49-6A91-4C3C-B8D6-7EB2236858F1}
    [2011/12/16 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{9FE60277-DDA5-46EE-820C-8C01357D4B49}
    [2011/12/16 08:03:39 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{53210B75-847B-4AE1-9B13-9617C437611D}
    [2011/12/16 08:03:34 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{871AADD2-B666-4819-9538-77EFD0A2795D}
    [2011/12/15 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{ADE71AE9-9B4D-46A5-B134-F7730EC1678C}
    [2011/12/15 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DFF8D878-2D9F-4041-B558-605F3E1302C2}
    [2011/12/15 08:00:51 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{38A1C4DF-6B79-4376-A636-86D2FE17A0E9}
    [2011/12/15 08:00:36 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8C78F3FF-4ABA-41B3-B13C-4928EDDBF4F2}
    [2011/12/14 20:50:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EB89C177-6E17-4588-9280-E77E0392698F}
    [2011/12/14 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A00577AC-AF7A-4923-9075-4E1222A207C8}
    [2011/12/14 09:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/12/14 07:54:37 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{52D0C189-24D2-4B09-90F6-3120E7054EAC}
    [2011/12/14 07:54:22 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{653F728F-03FD-4E86-990F-625C76E0C1BF}
    [2011/12/13 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{593CE855-6329-4112-A134-71A15A55DE7B}
    [2011/12/13 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{81D750CB-37D8-401F-9138-DD22F9EC9CB8}
    [2011/12/13 18:15:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B8CC1A4C-3D7C-40D2-A1C5-4C02264A28B9}
    [2011/12/13 07:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{743A54C9-A92D-4BBB-B563-0AC222AE128C}
    [2011/12/13 07:58:58 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E3EA28CE-75A2-4E39-B0A9-2254063AB45A}
    [2011/12/12 21:49:32 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3C516639-0929-4E0F-8B74-AA91DE7C4AC6}
    [2011/12/12 21:49:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8988CAC5-1825-4613-8EA5-766D58569F67}
    [2011/12/12 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F4805897-6267-4606-A9AA-72A486764C60}
    [2011/12/12 17:55:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{152FA511-39F9-4D99-9101-019919132B0E}
    [2011/12/12 07:54:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{78AF7FBF-8419-466B-A0F0-9FBDECA9423B}
    [2011/12/12 07:54:21 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8D4F97A0-ABEB-4B76-87AF-9F90FBA9BC2E}
    [2011/12/11 14:05:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A9B6FBF1-6DB2-4D5F-9567-EABD954A16E3}
    [2011/12/11 14:05:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3C046837-54D5-4862-9009-DC5ABBC49A7C}
    [2011/12/11 10:19:22 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{290D27C9-BF77-481B-9904-96BC47708D22}
    [2011/12/11 10:19:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8BE8B0F7-FB82-4CD1-8A81-C79AFB6530BD}
    [2011/12/10 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{17A956AF-52EF-4489-A126-ED593F795A4C}
    [2011/12/10 22:34:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{91D7F1A0-8F99-42A2-A7D7-3F93B66DA41D}
    [2011/12/10 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{52C2DB27-E8B2-447F-A3F2-B49E5B7E1C4E}
    [2011/12/10 09:29:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A7F8ACCD-86F1-41D4-A74F-E417BC95AB7A}
    [2011/12/09 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{71D4FA57-5F62-4D02-AFE6-4221F0EF0A35}
    [2011/12/09 22:43:12 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FCC84171-3731-488C-A371-800674A373A7}
    [2011/12/09 17:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2C2161FA-E954-4AB1-85C5-4A2AF78CE229}
    [2011/12/09 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C48B8FF1-C0C4-4504-97C3-9E3E10A945EB}
    [2011/12/08 17:58:32 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5354FF42-3DB0-4417-837E-AFB36FF2E864}
    [2011/12/08 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{58528AEC-872A-46DF-B890-9C20281C2ED4}
    [2011/12/08 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B74472AC-4E3B-404A-8005-B6873950F252}
    [2011/12/08 08:00:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FB86E75D-F52A-4F51-8112-1A71AB078FF8}
    [2011/12/07 18:02:06 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{AF0F43C5-23C7-4606-8E05-67F05268D289}
    [2011/12/07 18:01:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B57C035D-AD91-4F38-A50E-0D407D8491DD}
    [2011/12/07 08:00:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CA8E0B6D-78ED-4287-B723-0B8A18AA8D95}
    [2011/12/07 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2780868F-DD11-45D3-A7BC-1004223BE700}
    [2011/12/06 18:21:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{36DB32AD-F60F-4C1D-A8C5-2F6CEB9033C4}
    [2011/12/06 18:21:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3841C196-22AE-4D36-8F4F-6D5840DA71DA}
    [2011/12/06 08:07:27 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4A2899C1-D37F-46FB-AD07-4AB56EF995BD}
    [2011/12/06 08:07:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2F69187E-8BAB-4FF5-899D-0942EA12F1F7}
    [2011/12/05 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DC4829C6-6FAF-4BDE-AFC4-E03AF03A54A3}
    [2011/12/05 18:15:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4424DE16-D8EE-4450-B18C-1264E2FF1B13}
    [2011/12/05 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D83DED76-5815-4BC4-8741-D6B8D9CA1586}
    [2011/12/05 08:04:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D806AD2A-1DF2-4E88-BAB8-5041FDF73A41}
    [2011/12/04 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B0D16FD4-FAD1-41F2-9D0D-AB2C413C0ACE}
    [2011/12/04 09:53:44 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{88EE9727-A028-4295-A681-CA737D6B0128}
    [2011/12/03 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4BFC9364-226F-415D-A868-2F58F7A770EC}
    [2011/12/03 09:56:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{65089BEA-756F-42C0-88B1-D0107CE4CF8A}
    [2011/12/02 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{26D41BB7-DBC7-4F21-9DF9-3C082BF8DD8E}
    [2011/12/02 20:28:21 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F38551ED-6BEA-4B85-A6C3-8EA726FD153C}
    [2011/12/02 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{55F173B2-899A-4643-B4B7-6B0D61D1FF95}
    [2011/12/02 18:14:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A767DD70-3E0E-4065-8073-9F9C36F2CBD7}
    [2011/12/02 08:07:36 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5D233606-072D-4E01-A9D8-1A042119274C}
    [2011/12/02 08:07:24 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4C6F518C-C909-4F85-AE1A-3F814944FECB}
    [2011/12/01 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{75B147F5-9389-4F64-932B-B7543FC076C5}
    [2011/12/01 17:55:53 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{70A58D7A-3BD5-4A05-B424-F456DA84DF8B}
    [2011/12/01 08:09:53 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{BFC2F997-1E01-4BCC-93AF-2193CC78D237}
    [2011/12/01 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{48D9EAC0-8C2F-49C3-AE23-DBEC268A519E}
    [2011/11/30 22:53:22 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2011/11/30 22:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
    [2011/11/30 22:42:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B1B9CCE5-07EE-43BE-980F-DF9A1F2F355B}
    [2011/11/30 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B5C37A32-7F53-47E9-B58B-CAACF03730C1}
    [2011/11/30 17:56:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4BF7D56C-CFB1-4559-B821-317825C588F6}
    [2011/11/30 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4579AA29-7CBA-494F-90D7-2BE506341DB0}
    [2011/11/30 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B75C84A0-707F-4080-B676-6EC14A74347B}
    [2011/11/30 08:11:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3D488A34-269C-4023-8C00-3B5E5F3C1F95}
    [2011/11/29 23:37:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A73E9E47-408C-4E96-99A1-0E8A58CECFCD}
    [2011/11/29 23:37:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{589B1D1D-16FA-476B-BDE6-7D0E214A4C75}
    [2011/11/29 21:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2011/11/29 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/11/29 19:33:30 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/29 19:33:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/29 19:33:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/29 19:33:00 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/29 19:32:57 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/29 19:32:54 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/29 19:32:12 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/29 19:32:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/29 19:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/11/29 19:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/11/29 19:27:45 | 062,844,032 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
    [2011/11/29 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/11/29 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E93A4C1C-17AC-4A32-B879-215B16E09882}
    [2011/11/29 12:13:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3FF6016A-9D7F-43DE-88DC-CC7F382FFDD5}
    [2011/11/29 08:08:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7A74A1CC-1F6D-4E04-B1DF-36CE072B45E4}
    [2011/11/29 08:07:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E7794804-8CEB-4043-824C-FE698C22DD43}
    [2011/11/28 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{174C6A31-A1A9-4802-9E1E-173CC099B2ED}
    [2011/11/28 17:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C6627B21-2C75-4EEA-BF41-0B604E1ED978}
    [2011/11/28 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B70513A6-A212-45E1-B629-A40C53124A27}
    [2011/11/28 08:06:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A0EF3092-7A47-4B46-9E9E-71AC15DC0003}
    [2011/11/27 13:35:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{717A19F1-67AE-4DE4-8663-764987529A8A}
    [2011/11/27 13:35:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EF49DADB-027D-425E-99C9-15CD08F21416}
    [2011/11/27 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EB9AFA10-F61C-4DBD-A4B5-4F6CBF468D63}
    [2011/11/27 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7180099B-308F-4C36-B328-F9AB9F67A606}
    [2011/11/26 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{BE594E07-6B8F-4C7E-827A-AD897227263F}
    [2011/11/25 14:30:27 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{38FFA232-C039-4F4C-9C36-BE2167C1A301}
    [2011/11/25 14:30:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8970C49C-3EAA-47AB-9885-6F9699D9B5A6}
    [2011/11/25 12:49:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DF19B9DD-8A62-4E5C-B3E8-8A10C07911A9}
    [2011/11/25 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{21B11D31-F445-418A-9658-6F87FE3C1FBA}
    [2011/11/25 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8CB350D2-7B83-4FE7-BB6C-413174613EA6}
    [2011/11/25 10:43:28 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7A5FA540-08C8-439A-8988-44C2AD7358D7}
    [2011/11/24 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F0B9542E-BEBA-4317-BBD7-C8E6485E85CA}
    [2011/11/24 23:39:59 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E07366B8-D3BB-489A-9954-C0DCDCDC3711}
    [2011/11/24 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2E436EE3-05DC-4F5A-88BA-CB438F1FFF7D}
    [2011/11/24 20:59:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DFAFACCE-A417-431F-B003-5D874DD3342B}
    [2011/11/24 13:30:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{74FEACA2-676B-46DC-887F-0BAC8654540D}
    [2011/11/24 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{1B78BE29-CD47-4DA4-9BCA-7626B2F98B29}
    [2011/11/24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5A212C01-A0CF-40E3-A303-F5F898020F41}
    [2011/11/24 13:02:58 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5AAAAB42-5495-4464-B0D2-8D534D33186C}
    [2011/11/24 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{65554DAE-A846-45E0-813D-42B819FA267A}
    [2011/11/24 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{74002668-6F92-4C69-BAC4-A84BF57FE22B}
    [2011/11/24 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{378E4D86-4136-4B80-A0CD-163D2A1C6E7F}
    [2011/11/24 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{00B0D81A-0A4E-4200-8F6E-48668031402C}
    [2011/11/24 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{94C2E2A1-2758-4E06-B56E-26A589C0F7FE}
    [2011/11/24 10:47:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{49950FA5-DA01-47AC-85B1-94C78D210DD4}
    [2011/11/23 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E9A3B058-04A9-4450-8EA2-B1C505C33E6E}
    [2011/11/23 23:21:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FF92CD3F-7290-462A-9B01-7F41364B20BE}
    [2011/11/23 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B7BEB154-31F3-4CC6-80D3-2203451078CD}
    [2011/11/23 19:48:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{91298011-A38C-43BD-8419-900B2989B815}
    [2011/11/23 19:47:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{43AE4660-5901-4760-8D99-F3FCBA1CEF0E}
    [2011/11/23 19:08:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{0B0996BD-CA5D-490F-B1CA-314BD33E4EEE}
    [2011/11/23 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F24487EF-43B0-415F-8102-9878B789F766}
    [2011/11/23 16:06:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/11/23 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{0116AE6E-17CD-4106-ADA9-44BEC919F2CE}
    [2011/11/22 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A213DD3C-0378-4FF5-AA49-AD9770EAF914}
    [2011/11/22 19:12:59 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{102DF5BC-D167-4B88-AF49-CB07E1F15CB6}
    [2011/11/22 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{79397ED6-C5F4-4D13-A6EF-2FB385B325C4}
    [2011/11/22 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{40120A0E-DE78-4FBE-86BE-C6D0171B7470}
    [2011/11/22 08:16:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{6CB6EBC8-DD06-4E8D-A535-42B6D9F8A33B}
    [2011/11/22 08:16:35 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C38DCB21-5A48-48DE-B1F4-E6D21CCB3C00}
    [2011/11/21 18:28:49 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B1C4A133-57F6-406B-80E1-76A392E6FDF4}
    [2011/11/21 18:28:28 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CD4BEE6E-7943-4620-A2D4-455584C6648A}
    [2011/11/21 08:10:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{95C078DF-B4F3-44A4-A1BE-81816500434E}
    [2011/11/21 08:09:49 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CEDEED44-5AD1-42FA-BA17-3118DC229390}
    [2011/11/20 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7D0491CF-6467-4F6F-8213-9FBA6386A49B}
    [2011/11/19 09:49:03 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5AA5550D-4D49-4FE2-8DB3-1B3110B9E26C}
    [2011/11/19 09:48:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2AB63947-168B-4A58-AF22-84ED99ACEC8A}
    [2011/11/19 00:00:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{677EC099-1463-4A01-AFA0-0437F41D0A8E}
    [2011/11/19 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{ABE254E7-4D19-493C-B06C-56E0D984BCE6}
    [2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
    [2011/12/18 19:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/18 19:07:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/18 18:42:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/12/18 18:39:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 18:39:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/18 18:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/18 18:18:52 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
    [2011/12/16 22:18:17 | 000,000,512 | ---- | M] () -- C:\Users\Fname Lname\Desktop\MBR.dat
    [2011/12/16 12:47:10 | 000,138,240 | ---- | M] () -- C:\Users\Fname Lname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/16 08:06:05 | 140,567,986 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
    [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
    [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
    [2011/12/15 08:19:29 | 000,400,384 | ---- | M] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
    [2011/12/14 08:06:23 | 000,000,000 | ---- | M] () -- C:\Users\Fname Lname\AppData\Local\prvlcl.dat
    [2011/12/14 07:48:00 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
    [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
    [2011/12/13 22:29:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/12/12 18:47:59 | 000,394,298 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/12/12 08:26:34 | 000,000,575 | ---- | M] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\GAApplication(Rev 6-05) - Shortcut.lnk
    [2011/12/11 17:11:18 | 000,775,636 | ---- | M] () -- C:\Users\Fname Lname\Desktop\Transcript.pdf
    [2011/12/04 10:23:00 | 000,000,124 | ---- | M] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
    [2011/11/30 23:12:59 | 000,615,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/30 23:12:59 | 000,107,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/30 22:27:50 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
    [2011/11/30 22:23:25 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2011/11/29 19:33:32 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/29 19:28:28 | 062,844,032 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
    [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
    [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/25 14:50:30 | 000,044,527 | ---- | M] () -- C:\Users\Fname Lname\Desktop\pic2.jpg
    [2011/11/24 20:50:07 | 340,265,739 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/16 22:43:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/12/16 22:43:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/12/16 22:43:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/12/16 22:43:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/12/16 22:43:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/16 22:18:17 | 000,000,512 | ---- | C] () -- C:\Users\Fname Lname\Desktop\MBR.dat
    [2011/12/15 08:19:29 | 000,400,384 | ---- | C] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
    [2011/12/15 08:19:23 | 000,001,268 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
    [2011/12/15 08:19:23 | 000,001,268 | -HS- | C] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
    [2011/12/13 20:03:00 | 000,011,534 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
    [2011/12/13 20:03:00 | 000,011,534 | -HS- | C] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
    [2011/12/12 08:26:34 | 000,000,575 | ---- | C] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\GAApplication(Rev 6-05) - Shortcut.lnk
    [2011/12/04 10:23:00 | 000,000,124 | ---- | C] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
    [2011/11/30 22:27:50 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2011/11/29 19:33:32 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/29 12:28:16 | 000,003,710 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
    [2011/11/29 12:28:16 | 000,003,710 | -HS- | C] () -- C:\ProgramData\2e01oq0m46k223
    [2011/11/25 14:49:03 | 000,044,527 | ---- | C] () -- C:\Users\Fname Lname\Desktop\pic2.jpg
    [2011/11/24 12:04:14 | 340,265,739 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/06/20 20:23:18 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
    [2011/02/18 18:18:19 | 000,000,680 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\d3d9caps.dat
    [2010/09/06 10:38:20 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2010/05/06 22:38:32 | 000,000,000 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\prvlcl.dat
    [2009/09/07 10:28:05 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
    [2009/08/04 17:06:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/04 17:06:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/01/09 12:18:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/01/01 20:56:10 | 000,017,089 | ---- | C] () -- C:\Users\Fname Lname\AppData\Roaming\UserTile.png
    [2009/01/01 18:43:46 | 000,138,240 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/01 11:44:49 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/06/10 01:43:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/06/10 01:43:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/06/10 01:43:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/06/10 01:43:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/06/10 01:41:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/02/05 00:33:35 | 000,360,448 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,303,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,615,914 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,107,922 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
    [2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
    [2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2010/03/12 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\acccore
    [2010/09/06 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Ashampoo
    [2011/12/14 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\BitTorrent
    [2010/09/06 10:38:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Canneverbe Limited
    [2011/11/13 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1
    [2011/11/13 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl
    [2011/03/05 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Jaksta
    [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n
    [2010/09/10 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\NCH Swift Sound
    [2011/11/13 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ
    [2009/01/01 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\PeerNetworking
    [2011/11/13 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3
    [2011/05/22 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic
    [2009/01/02 00:03:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\SampleView
    [2010/12/18 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\SecondLife
    [2011/11/13 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY
    [2009/01/01 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\WildTangent
    [2011/05/24 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Windows Live Writer
    [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw
    [2011/12/18 18:37:59 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/05 00:22:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/12/18 18:50:01 | 000,051,125 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/09/07 10:27:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/12 19:06:04 | 000,000,361 | -H-- | M] () -- C:\IPH.PH
    [2008/06/10 02:22:08 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2009/09/07 10:27:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/12/18 18:38:53 | 3524,980,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/10 02:27:51 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2011/12/17 22:43:34 | 000,000,370 | ---- | M] () -- C:\rkill.log
    [2009/01/01 11:40:38 | 000,000,067 | -H-- | M] () -- C:\T4Metrics.log
    [2011/12/16 21:36:59 | 000,074,464 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_21.28.48_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/13 11:07:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/04 10:23:00 | 000,000,124 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
    [2011/08/22 17:54:10 | 000,000,286 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/18 18:18:52 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
    [2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
    [2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/01/01 11:37:21 | 000,000,402 | -HS- | M] () -- C:\Users\Fname Lname\Favorites\desktop.ini
    [2011/08/22 18:36:51 | 000,000,264 | ---- | M] () -- C:\Users\Fname Lname\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
    [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
    [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
    [2011/11/30 22:27:50 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
    [2011/12/16 22:16:03 | 000,000,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\MBR.dat

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  18. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Extras.txt log...

    OTL Extras logfile created on: 12/18/2011 7:31:59 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fname Lname\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
    6.18 Gb Paging File | 5.02 Gb Available in Paging File | 81.25% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.12 Gb Total Space | 13.18 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
    Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

    Computer Name: FNAMELNAME-PC | User Name: Fname Lname | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{8C3064BF-C002-45A4-A9B6-1B9DF4A1A3C0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BB90C31C-6558-4C63-99C8-3B30606250D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{DF77BEB1-55CB-4690-B555-0EDD1679FA39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E0E85EB1-7912-413D-A9F0-F5D1D18F0B59}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{026F2218-F041-4F0C-94F6-2E6D7D9FA431}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{04D61EC8-A055-4045-B1F5-14205FD5FBC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{17ED47FE-86E5-43FD-9AE6-DBC2803136D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{22A5BCB1-FCC2-4397-A5B2-AAE001308FDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{2BB3B132-139C-45A5-B0C4-2599DBF7F39A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{2D07C018-D70E-4B5F-AAE7-BA592D26F710}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{31283935-A67D-4DEA-A488-12F62ADE0528}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{449FD92E-41DA-4DC4-82E5-CB2519407567}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{4C0A8B19-7EE0-4905-952E-9360DC223FA8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{4C24582A-20A0-4829-8627-2324D53DE07B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{5F46BE29-88CF-446D-9C1A-A9BE7AA25F41}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{5FEF3BE1-B2DE-49C7-AFCF-21FFEB7403AE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{6A1F6936-D0DA-4D82-A4AB-1556EDF3D028}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{6A752F4E-F3B5-4F85-B56C-5FD79BEC1431}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{6C6D0389-A798-419A-8DFE-1F0ACDE31083}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6D9349BD-EEFA-46BE-9978-FEAB8FDD811B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{738A1A2B-558B-46DD-8832-A1FB9E939E9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{76B95CEC-6C3F-4EF0-A4F2-848DE17CDA56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{7A870C3F-551E-41E8-87F6-CFF46454FFF6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{7EDB53B2-EF5F-4C3B-B971-E5719A1ADB6E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{824F0B2C-B64F-491F-864A-61832C626D68}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii - the warchiefs trial\age3x.exe |
    "{8C5714BA-3741-494A-BADF-60CA71EACBF5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{8D16B45A-FF1E-4C73-949B-1F60AE1C9BE1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{96BC04CC-9E64-44EF-886A-73694638A41D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{99AC51F6-4F53-4884-9A5D-EEE1C2B1560A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{9B58C8F6-03B3-448C-ABCB-F5A6A7B4E4FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{9C35F01F-843C-470A-A465-75C7A9AE8D30}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{9CB4DBED-9877-44CC-B055-C3B01E28276F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{9D9C2C32-EBF0-4770-A449-379EE1B9AAC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9F91C8C7-4458-4902-A9A2-73838382223C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{A155AF77-718F-48E4-96D6-7BD0211A8496}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{A6B1C32B-DB3F-408F-A006-700B8E802508}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{B1A0B7EA-7AD6-44EC-A78F-2DB6D2761616}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
    "{C2FF82C1-9730-47F9-B9BF-6C4F98A66AB2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{C659EFDB-74DB-47C2-BBB6-45641C936556}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{C8EF8B23-5989-453E-AE13-976833ED5858}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{CB20E316-6F64-49B1-B1B3-F0D3608893B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{CFEE9E3D-43DA-4C3C-BB86-955C1EF3A696}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
    "{D20003C7-3862-42AF-87A1-74127506DD16}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii - the warchiefs trial\age3x.exe |
    "{D443974C-1F8C-4419-BE41-8C251EE4FE5E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1230828047\ee\aolsoftware.exe |
    "{D5A1942F-153C-4430-9562-E96105BB78D7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{D7C18357-3C9D-4648-9CC1-1514A7B9B4FC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1230828047\ee\aolsoftware.exe |
    "{E46A71BE-4701-40E7-BAE7-106432EEA553}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{E994ACCA-D96A-4899-9EAE-FF611676550B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FCFDCC11-5002-42C7-8671-67ED8B2254CF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{34DD82E1-6CF4-4EBD-AA89-CD3B5B78AF2A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{730306FE-5E3D-4B11-96C9-78B4813F2992}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{8E424F18-AB71-4F91-9A34-78410D3FA344}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{CDAF655A-C86E-4D2F-A28E-4031DE44BF65}C:\users\Fname Lname\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\Fname Lname\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{D4A805BC-7858-4E18-8576-33B38A9E0D17}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{3A009AB4-9632-463D-8FEC-620EFF456AB7}C:\users\Fname Lname\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\Fname Lname\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{52BB1B1F-DE3D-4D13-AA21-DE6B3162462D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{A2D64200-C1A0-475F-90B2-81E5F4D5B04B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{ABF3B902-A7E5-4E54-85CE-CB2A8CE77FFA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{B0C72184-F8D9-43EC-AEB4-7720FE67B3E9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E094147-7077-45BC-833A-151AD53488F6}" = Jaksta Streaming Media Recorder
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AIM_7" = AIM 7
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
    "avast" = avast! Free Antivirus
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BitTorrent" = BitTorrent
    "CamStudio" = CamStudio
    "CleanUp!" = CleanUp!
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "DivX Setup.divx.com" = DivX Setup
    "ExpressBurn" = Express Burn Disc Burning Software
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GRE POWERPREP" = GRE POWERPREP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Money2007b" = Microsoft Money Essentials
    "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
    "MP4 Player" = MP4 Player
    "MyAshampoo Toolbar" = MyAshampoo Toolbar
    "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
    "PokerStars" = PokerStars
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WavePad" = WavePad Sound Editor
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
     
  19. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Extras.txt cont'd...

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/17/2011 2:31:54 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/17/2011 4:12:54 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/17/2011 4:15:46 PM | Computer Name = FnameLname-PC | Source = Application Hang | ID = 1002
    Description = The program googletalk.exe version 1.0.0.104 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: f80 Start Time: 01ccbcf878aff062 Termination Time: 15

    Error - 12/17/2011 4:16:38 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
    Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
    0xc98, application start time 0x01ccbcf8bfdf53e2.

    Error - 12/17/2011 11:40:34 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
    Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
    0x470, application start time 0x01ccbd366aa67552.

    Error - 12/18/2011 10:36:57 AM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 11:24:20 AM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
    Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
    0x588, application start time 0x01ccbd9826cbaf7b.

    Error - 12/18/2011 6:52:48 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 7:40:42 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 8:30:07 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
    Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
    stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
    0xd4c, application start time 0x01ccbddff7034ddb.

    [ Media Center Events ]
    Error - 10/11/2009 10:24:05 PM | Computer Name = FnameLname-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 2/27/2010 6:36:13 PM | Computer Name = FnameLname-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 2/8/2009 8:40:45 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 480
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/26/2009 11:40:07 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3695
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 3/29/2009 9:26:24 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5450
    seconds with 1740 seconds of active time. This session ended with a crash.

    Error - 3/31/2009 11:26:56 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 749
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 4/25/2009 9:31:51 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 86271
    seconds with 12840 seconds of active time. This session ended with a crash.

    Error - 6/25/2010 9:13:57 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3130
    seconds with 1740 seconds of active time. This session ended with a crash.

    Error - 3/13/2011 1:22:01 AM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12704
    seconds with 2580 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/18/2011 7:35:17 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/18/2011 7:35:17 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/18/2011 7:37:26 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/18/2011 7:37:40 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
    Description =


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-110309-193829)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
      [2011/02/23 19:38:49 | 000,002,567 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml
      [2011/12/11 10:33:02 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\
      CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll
      O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
      O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
      O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found
      [2011/12/16 08:06:05 | 140,567,986 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
      [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
      [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
      [2011/12/15 08:19:29 | 000,400,384 | ---- | M] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
      [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
      [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
      [2011/12/12 18:47:59 | 000,394,298 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
      [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
      [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
      [2011/11/13 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1
      [2011/11/13 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl
      [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n
      [2011/11/13 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ
      [2011/11/13 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3
      [2011/05/22 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic
      [2011/11/13 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY
      [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D
      1B5B4F1
      
      :Files
      C:\PROGRA~1\AVG
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    OTL log below. I hope everything looks as it is supposed to. I see a lot of "not found" mentions.

    Assuming the OTL log looks good, I will proceed with the previously requested scans/directions tomorrow.

    Thanks

    ----

    All processes killed
    ========== OTL ==========
    Error: No service named GoogleDesktopManager-110309-193829 was found to stop!
    Service\Driver key GoogleDesktopManager-110309-193829 not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
    C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml moved successfully.
    File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
    Prefs.js: avg@igeared:6.010.006.004 removed from extensions.enabledItems
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18 not found.
    File C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
    Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ not found.
    File {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found not found.
    File C:\Windows\System32\drivers\AVG\incavi.avm.old not found.
    C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8 moved successfully.
    File C:\ProgramData\607885p0r580t127s003l4glr2a8 not found.
    C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe moved successfully.
    C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7 moved successfully.
    File C:\ProgramData\543355v4g606c064d538e7hbv5s7 not found.
    File C:\Windows\System32\drivers\AVG\iavichjg.avm not found.
    C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223 moved successfully.
    File C:\ProgramData\2e01oq0m46k223 not found.
    C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1 folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3 folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY folder moved successfully.
    C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw folder moved successfully.
    Unable to delete ADS C:\ProgramData\TEMP:D .
    ========== FILES ==========
    File\Folder C:\PROGRA~1\AVG not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Fname Lname
    ->Temp folder emptied: 32804 bytes
    ->Temporary Internet Files folder emptied: 80950 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 13364567 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 659 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 172555 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Fname Lname
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12182011_225124

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Fname Lname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{9D31381E-33DE-439E-A40C-AEED4AC31B51}.tmp not found!
    File\Folder C:\Users\Fname Lname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{975F121E-28E1-42BE-B02B-2FD22752DDFC}.tmp not found!

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Go on...........
     
  23. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Security Check Log...

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.22) Flash Player Out of Date!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````

    Still running other scans...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

  25. Sammy22

    Sammy22 TS Rookie Topic Starter Posts: 19

    Java 6 Update 5 has been deleted. Adobe for IE and Firefox have been updated.
    TFC ran without issue or reboot.
    AVG Remover ran with the following log:

    2011-12-20 03:19:48,947 INFO AvgRemover 2012.0.5
    -------------------------------------------------------
    2011-12-20 03:19:48,994 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2011-12-20 03:19:48,994 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2011-12-20 03:19:48,994 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:programFilesDir (x86) value failed (error: e001003d)
    2011-12-20 03:19:48,994 INFO Command line: "C:\Users\Fname Lname\Downloads\avg_remover_stf_x86_2012_1796.exe"
    2011-12-20 03:19:48,994 WARN AvgDir param empty.
    2011-12-20 03:19:48,994 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG9', use this path as default.
    2011-12-20 03:19:54,688 INFO AvgRemover runs in attempt number 1
    2011-12-20 03:19:54,688 INFO Attempting to unregister AVG from the Windows Security Center.
    2011-12-20 03:19:54,688 INFO Attempting to uninstall toolbar

    NOTE:
    I ran ESET Online Scanner and it was at the 2 hour 15 min mark (99% of scan completed) before my computer forced closed. At that point, the scan had discovered two infections. I will retry the ESET Scan tomorrow and report back.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...