Solved XP Antivirus 2012 and other Malware

[Sammy22]

For the past month or so, I have been battling some malware and virus issues that include the faux XP Antivirus notification. I believe there was also an issue with netbt.sys. AVG Antivirus, Avast, and Malware Bytes have done a decent job of limiting damage, but the problems continue. The impacts include; computer shutting off randomly, slower system performance, and hijacked applications.

Logs to follow shortly...

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Sammy22]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8354

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/15/2011 8:23:56 PM
mbam-log-2011-12-15 (20-23-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 366302
Time elapsed: 2 hour(s), 23 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (3f) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\fname lname\AppData\Local\vdq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

***********************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-15 21:09:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO
Running: 1sn30pcr.exe; Driver: C:\Users\RYANRE~1\AppData\Local\Temp\pxlyyuow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FE2C7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

[Sammy22]

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by FName LName at 22:41:57 on 2011-12-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1575 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyAs.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [googletalk] c:\users\fname lname\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HostManager] c:\program files\common files\aol\1230828047\ee\AOLSoftware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\fnamere~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&apn_uid=7B01D6FA-80C1-4DAB-A5B8-1DC6210949C9&apn_ptnrs=GG&apn_sauid=235D3102-95C0-41F7-8F76-684365DD26C4&apn_dtid=YYYYYYB3US&q=
FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\users\fname lname\appdata\roaming\mozilla\firefox\profiles\2wcv829m.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\fname lname\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\fname lname\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\fname lname\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\fname lname\appdata\roaming\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-29 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-29 314456]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-29 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-29 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-29 44768]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-4 366152]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\JakNDis.sys [2010-10-26 28256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-4 22216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-7 167264]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2010-10-26 28256]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-16 01:53:54 -------- d-----w- c:\users\fname lname\appdata\local\{ADE71AE9-9B4D-46A5-B134-F7730EC1678C}
2011-12-16 01:53:41 -------- d-----w- c:\users\fname lname\appdata\local\{DFF8D878-2D9F-4041-B558-605F3E1302C2}
2011-12-15 13:00:51 -------- d-----w- c:\users\fname lname\appdata\local\{38A1C4DF-6B79-4376-A636-86D2FE17A0E9}
2011-12-15 13:00:36 -------- d-----w- c:\users\fname lname\appdata\local\{8C78F3FF-4ABA-41B3-B13C-4928EDDBF4F2}
2011-12-15 01:50:23 -------- d-----w- c:\users\fname lname\appdata\local\{EB89C177-6E17-4588-9280-E77E0392698F}
2011-12-15 01:50:16 -------- d-----w- c:\users\fname lname\appdata\local\{A00577AC-AF7A-4923-9075-4E1222A207C8}
2011-12-14 12:54:37 -------- d-----w- c:\users\fname lname\appdata\local\{52D0C189-24D2-4B09-90F6-3120E7054EAC}
2011-12-14 12:54:22 -------- d-----w- c:\users\fname lname\appdata\local\{653F728F-03FD-4E86-990F-625C76E0C1BF}
2011-12-14 02:35:54 -------- d-----w- c:\users\fname lname\appdata\local\{593CE855-6329-4112-A134-71A15A55DE7B}
2011-12-13 23:33:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-13 23:33:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 23:33:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 23:33:25 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:33:22 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 23:33:20 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 23:32:08 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 23:16:00 -------- d-----w- c:\users\fname lname\appdata\local\{81D750CB-37D8-401F-9138-DD22F9EC9CB8}
2011-12-13 23:15:47 -------- d-----w- c:\users\fname lname\appdata\local\{B8CC1A4C-3D7C-40D2-A1C5-4C02264A28B9}
2011-12-13 12:59:10 -------- d-----w- c:\users\fname lname\appdata\local\{743A54C9-A92D-4BBB-B563-0AC222AE128C}
2011-12-13 12:58:58 -------- d-----w- c:\users\fname lname\appdata\local\{E3EA28CE-75A2-4E39-B0A9-2254063AB45A}
2011-12-13 02:49:32 -------- d-----w- c:\users\fname lname\appdata\local\{3C516639-0929-4E0F-8B74-AA91DE7C4AC6}
2011-12-13 02:49:25 -------- d-----w- c:\users\fname lname\appdata\local\{8988CAC5-1825-4613-8EA5-766D58569F67}
2011-12-12 22:55:31 -------- d-----w- c:\users\fname lname\appdata\local\{F4805897-6267-4606-A9AA-72A486764C60}
2011-12-12 22:55:20 -------- d-----w- c:\users\fname lname\appdata\local\{152FA511-39F9-4D99-9101-019919132B0E}
2011-12-12 12:54:26 -------- d-----w- c:\users\fname lname\appdata\local\{78AF7FBF-8419-466B-A0F0-9FBDECA9423B}
2011-12-12 12:54:21 -------- d-----w- c:\users\fname lname\appdata\local\{8D4F97A0-ABEB-4B76-87AF-9F90FBA9BC2E}
2011-12-11 19:05:08 -------- d-----w- c:\users\fname lname\appdata\local\{A9B6FBF1-6DB2-4D5F-9567-EABD954A16E3}
2011-12-11 19:05:07 -------- d-----w- c:\users\fname lname\appdata\local\{3C046837-54D5-4862-9009-DC5ABBC49A7C}
2011-12-11 15:33:12 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-11 15:33:04 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-11 15:33:02 -------- d-----w- c:\program files\AVG Secure Search
2011-12-11 15:19:22 -------- d-----w- c:\users\fname lname\appdata\local\{290D27C9-BF77-481B-9904-96BC47708D22}
2011-12-11 15:19:09 -------- d-----w- c:\users\fname lname\appdata\local\{8BE8B0F7-FB82-4CD1-8A81-C79AFB6530BD}
2011-12-11 03:34:19 -------- d-----w- c:\users\fname lname\appdata\local\{17A956AF-52EF-4489-A126-ED593F795A4C}
2011-12-11 03:34:10 -------- d-----w- c:\users\fname lname\appdata\local\{91D7F1A0-8F99-42A2-A7D7-3F93B66DA41D}
2011-12-10 14:29:16 -------- d-----w- c:\users\fname lname\appdata\local\{52C2DB27-E8B2-447F-A3F2-B49E5B7E1C4E}
2011-12-10 14:29:04 -------- d-----w- c:\users\fname lname\appdata\local\{A7F8ACCD-86F1-41D4-A74F-E417BC95AB7A}
2011-12-10 03:43:26 -------- d-----w- c:\users\fname lname\appdata\local\{71D4FA57-5F62-4D02-AFE6-4221F0EF0A35}
2011-12-10 03:43:12 -------- d-----w- c:\users\fname lname\appdata\local\{FCC84171-3731-488C-A371-800674A373A7}
2011-12-09 22:05:50 -------- d-----w- c:\users\fname lname\appdata\local\{2C2161FA-E954-4AB1-85C5-4A2AF78CE229}
2011-12-09 22:05:45 -------- d-----w- c:\users\fname lname\appdata\local\{C48B8FF1-C0C4-4504-97C3-9E3E10A945EB}
2011-12-08 22:58:32 -------- d-----w- c:\users\fname lname\appdata\local\{5354FF42-3DB0-4417-837E-AFB36FF2E864}
2011-12-08 22:58:20 -------- d-----w- c:\users\fname lname\appdata\local\{58528AEC-872A-46DF-B890-9C20281C2ED4}
2011-12-08 13:00:42 -------- d-----w- c:\users\fname lname\appdata\local\{B74472AC-4E3B-404A-8005-B6873950F252}
2011-12-08 13:00:40 -------- d-----w- c:\users\fname lname\appdata\local\{FB86E75D-F52A-4F51-8112-1A71AB078FF8}
2011-12-07 23:02:06 -------- d-----w- c:\users\fname lname\appdata\local\{AF0F43C5-23C7-4606-8E05-67F05268D289}
2011-12-07 23:01:54 -------- d-----w- c:\users\fname lname\appdata\local\{B57C035D-AD91-4F38-A50E-0D407D8491DD}
2011-12-07 13:00:56 -------- d-----w- c:\users\fname lname\appdata\local\{CA8E0B6D-78ED-4287-B723-0B8A18AA8D95}
2011-12-07 13:00:43 -------- d-----w- c:\users\fname lname\appdata\local\{2780868F-DD11-45D3-A7BC-1004223BE700}
2011-12-06 23:21:23 -------- d-----w- c:\users\fname lname\appdata\local\{36DB32AD-F60F-4C1D-A8C5-2F6CEB9033C4}
2011-12-06 23:21:11 -------- d-----w- c:\users\fname lname\appdata\local\{3841C196-22AE-4D36-8F4F-6D5840DA71DA}
2011-12-06 13:07:27 -------- d-----w- c:\users\fname lname\appdata\local\{4A2899C1-D37F-46FB-AD07-4AB56EF995BD}
2011-12-06 13:07:26 -------- d-----w- c:\users\fname lname\appdata\local\{2F69187E-8BAB-4FF5-899D-0942EA12F1F7}
2011-12-05 23:15:17 -------- d-----w- c:\users\fname lname\appdata\local\{DC4829C6-6FAF-4BDE-AFC4-E03AF03A54A3}
2011-12-05 23:15:04 -------- d-----w- c:\users\fname lname\appdata\local\{4424DE16-D8EE-4450-B18C-1264E2FF1B13}
2011-12-05 13:05:07 -------- d-----w- c:\users\fname lname\appdata\local\{D83DED76-5815-4BC4-8741-D6B8D9CA1586}
2011-12-05 13:04:55 -------- d-----w- c:\users\fname lname\appdata\local\{D806AD2A-1DF2-4E88-BAB8-5041FDF73A41}
2011-12-04 14:53:57 -------- d-----w- c:\users\fname lname\appdata\local\{B0D16FD4-FAD1-41F2-9D0D-AB2C413C0ACE}
2011-12-04 14:53:44 -------- d-----w- c:\users\fname lname\appdata\local\{88EE9727-A028-4295-A681-CA737D6B0128}
2011-12-03 14:56:23 -------- d-----w- c:\users\fname lname\appdata\local\{4BFC9364-226F-415D-A868-2F58F7A770EC}
2011-12-03 14:56:10 -------- d-----w- c:\users\fname lname\appdata\local\{65089BEA-756F-42C0-88B1-D0107CE4CF8A}
2011-12-03 01:28:33 -------- d-----w- c:\users\fname lname\appdata\local\{26D41BB7-DBC7-4F21-9DF9-3C082BF8DD8E}
2011-12-03 01:28:21 -------- d-----w- c:\users\fname lname\appdata\local\{F38551ED-6BEA-4B85-A6C3-8EA726FD153C}
2011-12-02 23:15:09 -------- d-----w- c:\users\fname lname\appdata\local\{55F173B2-899A-4643-B4B7-6B0D61D1FF95}
2011-12-02 23:14:56 -------- d-----w- c:\users\fname lname\appdata\local\{A767DD70-3E0E-4065-8073-9F9C36F2CBD7}
2011-12-02 13:07:36 -------- d-----w- c:\users\fname lname\appdata\local\{5D233606-072D-4E01-A9D8-1A042119274C}
2011-12-02 13:07:24 -------- d-----w- c:\users\fname lname\appdata\local\{4C6F518C-C909-4F85-AE1A-3F814944FECB}
2011-12-01 22:56:05 -------- d-----w- c:\users\fname lname\appdata\local\{75B147F5-9389-4F64-932B-B7543FC076C5}
2011-12-01 22:55:53 -------- d-----w- c:\users\fname lname\appdata\local\{70A58D7A-3BD5-4A05-B424-F456DA84DF8B}
2011-12-01 13:09:53 -------- d-----w- c:\users\fname lname\appdata\local\{BFC2F997-1E01-4BCC-93AF-2193CC78D237}
2011-12-01 13:09:40 -------- d-----w- c:\users\fname lname\appdata\local\{48D9EAC0-8C2F-49C3-AE23-DBEC268A519E}
2011-12-01 03:53:22 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-12-01 03:42:53 -------- d-----w- c:\programdata\Trend Micro
2011-12-01 03:42:23 -------- d-----w- c:\users\fname lname\appdata\local\{B1B9CCE5-07EE-43BE-980F-DF9A1F2F355B}
2011-12-01 03:42:11 -------- d-----w- c:\users\fname lname\appdata\local\{B5C37A32-7F53-47E9-B58B-CAACF03730C1}
2011-12-01 03:32:58 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2011-11-30 22:56:41 -------- d-----w- c:\users\fname lname\appdata\local\{4BF7D56C-CFB1-4559-B821-317825C588F6}
2011-11-30 22:56:26 -------- d-----w- c:\users\fname lname\appdata\local\{4579AA29-7CBA-494F-90D7-2BE506341DB0}
2011-11-30 13:11:30 -------- d-----w- c:\users\fname lname\appdata\local\{B75C84A0-707F-4080-B676-6EC14A74347B}
2011-11-30 13:11:29 -------- d-----w- c:\users\fname lname\appdata\local\{3D488A34-269C-4023-8C00-3B5E5F3C1F95}
2011-11-30 04:43:57 -------- d-----w- c:\programdata\AVG2012
2011-11-30 04:37:57 -------- d-----w- c:\users\fname lname\appdata\local\{A73E9E47-408C-4E96-99A1-0E8A58CECFCD}
2011-11-30 04:37:56 -------- d-----w- c:\users\fname lname\appdata\local\{589B1D1D-16FA-476B-BDE6-7D0E214A4C75}
2011-11-30 02:38:32 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-30 00:32:57 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-30 00:32:54 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-30 00:32:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-30 00:31:53 -------- d-----w- c:\programdata\AVAST Software
2011-11-30 00:31:53 -------- d-----w- c:\program files\AVAST Software
2011-11-30 00:09:13 -------- d-----w- c:\program files\Trend Micro
2011-11-29 17:13:30 -------- d-----w- c:\users\fname lname\appdata\local\{E93A4C1C-17AC-4A32-B879-215B16E09882}
2011-11-29 17:13:17 -------- d-----w- c:\users\fname lname\appdata\local\{3FF6016A-9D7F-43DE-88DC-CC7F382FFDD5}
2011-11-29 13:08:08 -------- d-----w- c:\users\fname lname\appdata\local\{7A74A1CC-1F6D-4E04-B1DF-36CE072B45E4}
2011-11-29 13:07:57 -------- d-----w- c:\users\fname lname\appdata\local\{E7794804-8CEB-4043-824C-FE698C22DD43}
2011-11-28 22:50:20 -------- d-----w- c:\users\fname lname\appdata\local\{174C6A31-A1A9-4802-9E1E-173CC099B2ED}
2011-11-28 22:50:08 -------- d-----w- c:\users\fname lname\appdata\local\{C6627B21-2C75-4EEA-BF41-0B604E1ED978}
2011-11-28 13:06:48 -------- d-----w- c:\users\fname lname\appdata\local\{B70513A6-A212-45E1-B629-A40C53124A27}
2011-11-28 13:06:47 -------- d-----w- c:\users\fname lname\appdata\local\{A0EF3092-7A47-4B46-9E9E-71AC15DC0003}
2011-11-27 18:35:29 -------- d-----w- c:\users\fname lname\appdata\local\{717A19F1-67AE-4DE4-8663-764987529A8A}
2011-11-27 18:35:25 -------- d-----w- c:\users\fname lname\appdata\local\{EF49DADB-027D-425E-99C9-15CD08F21416}
2011-11-27 16:50:57 -------- d-----w- c:\users\fname lname\appdata\local\{EB9AFA10-F61C-4DBD-A4B5-4F6CBF468D63}
2011-11-27 16:50:41 -------- d-----w- c:\users\fname lname\appdata\local\{7180099B-308F-4C36-B328-F9AB9F67A606}
2011-11-27 03:03:20 -------- d-----w- c:\users\fname lname\appdata\local\{BE594E07-6B8F-4C7E-827A-AD897227263F}
2011-11-25 19:30:27 -------- d-----w- c:\users\fname lname\appdata\local\{38FFA232-C039-4F4C-9C36-BE2167C1A301}
2011-11-25 19:30:15 -------- d-----w- c:\users\fname lname\appdata\local\{8970C49C-3EAA-47AB-9885-6F9699D9B5A6}
2011-11-25 17:49:15 -------- d-----w- c:\users\fname lname\appdata\local\{DF19B9DD-8A62-4E5C-B3E8-8A10C07911A9}
2011-11-25 17:49:02 -------- d-----w- c:\users\fname lname\appdata\local\{21B11D31-F445-418A-9658-6F87FE3C1FBA}
2011-11-25 15:43:40 -------- d-----w- c:\users\fname lname\appdata\local\{8CB350D2-7B83-4FE7-BB6C-413174613EA6}
2011-11-25 15:43:28 -------- d-----w- c:\users\fname lname\appdata\local\{7A5FA540-08C8-439A-8988-44C2AD7358D7}
2011-11-25 04:40:00 -------- d-----w- c:\users\fname lname\appdata\local\{F0B9542E-BEBA-4317-BBD7-C8E6485E85CA}
2011-11-25 04:39:59 -------- d-----w- c:\users\fname lname\appdata\local\{E07366B8-D3BB-489A-9954-C0DCDCDC3711}
2011-11-25 01:59:55 -------- d-----w- c:\users\fname lname\appdata\local\{2E436EE3-05DC-4F5A-88BA-CB438F1FFF7D}
2011-11-25 01:59:16 -------- d-----w- c:\users\fname lname\appdata\local\{DFAFACCE-A417-431F-B003-5D874DD3342B}
2011-11-24 18:30:17 -------- d-----w- c:\users\fname lname\appdata\local\{74FEACA2-676B-46DC-887F-0BAC8654540D}
2011-11-24 18:29:47 -------- d-----w- c:\users\fname lname\appdata\local\{1B78BE29-CD47-4DA4-9BCA-7626B2F98B29}
2011-11-24 18:03:29 -------- d-----w- c:\users\fname lname\appdata\local\{5A212C01-A0CF-40E3-A303-F5F898020F41}
2011-11-24 18:02:58 -------- d-----w- c:\users\fname lname\appdata\local\{5AAAAB42-5495-4464-B0D2-8D534D33186C}
2011-11-24 17:12:15 -------- d-----w- c:\users\fname lname\appdata\local\{65554DAE-A846-45E0-813D-42B819FA267A}
2011-11-24 17:11:45 -------- d-----w- c:\users\fname lname\appdata\local\{74002668-6F92-4C69-BAC4-A84BF57FE22B}
2011-11-24 16:44:55 -------- d-----w- c:\users\fname lname\appdata\local\{378E4D86-4136-4B80-A0CD-163D2A1C6E7F}
2011-11-24 16:44:24 -------- d-----w- c:\users\fname lname\appdata\local\{00B0D81A-0A4E-4200-8F6E-48668031402C}
2011-11-24 15:47:46 -------- d-----w- c:\users\fname lname\appdata\local\{94C2E2A1-2758-4E06-B56E-26A589C0F7FE}
2011-11-24 15:47:16 -------- d-----w- c:\users\fname lname\appdata\local\{49950FA5-DA01-47AC-85B1-94C78D210DD4}
2011-11-24 04:22:19 -------- d-----w- c:\users\fname lname\appdata\local\{E9A3B058-04A9-4450-8EA2-B1C505C33E6E}
2011-11-24 04:21:47 -------- d-----w- c:\users\fname lname\appdata\local\{FF92CD3F-7290-462A-9B01-7F41364B20BE}
2011-11-24 01:43:26 -------- d-----w- c:\users\fname lname\appdata\local\{B7BEB154-31F3-4CC6-80D3-2203451078CD}
2011-11-24 00:48:09 -------- d-----w- c:\users\fname lname\appdata\local\{91298011-A38C-43BD-8419-900B2989B815}
2011-11-24 00:47:40 -------- d-----w- c:\users\fname lname\appdata\local\{43AE4660-5901-4760-8D99-F3FCBA1CEF0E}
2011-11-24 00:08:45 -------- d-----w- c:\users\fname lname\appdata\local\{0B0996BD-CA5D-490F-B1CA-314BD33E4EEE}
2011-11-24 00:08:15 -------- d-----w- c:\users\fname lname\appdata\local\{F24487EF-43B0-415F-8102-9878B789F766}
2011-11-23 18:13:48 -------- d-----w- c:\users\fname lname\appdata\local\{0116AE6E-17CD-4106-ADA9-44BEC919F2CE}
2011-11-23 00:13:25 -------- d-----w- c:\users\fname lname\appdata\local\{A213DD3C-0378-4FF5-AA49-AD9770EAF914}
2011-11-23 00:12:59 -------- d-----w- c:\users\fname lname\appdata\local\{102DF5BC-D167-4B88-AF49-CB07E1F15CB6}
2011-11-22 20:38:02 -------- d-----w- c:\users\fname lname\appdata\local\{79397ED6-C5F4-4D13-A6EF-2FB385B325C4}
2011-11-22 20:37:41 -------- d-----w- c:\users\fname lname\appdata\local\{40120A0E-DE78-4FBE-86BE-C6D0171B7470}
2011-11-22 13:16:56 -------- d-----w- c:\users\fname lname\appdata\local\{6CB6EBC8-DD06-4E8D-A535-42B6D9F8A33B}
2011-11-22 13:16:35 -------- d-----w- c:\users\fname lname\appdata\local\{C38DCB21-5A48-48DE-B1F4-E6D21CCB3C00}
2011-11-21 23:28:49 -------- d-----w- c:\users\fname lname\appdata\local\{B1C4A133-57F6-406B-80E1-76A392E6FDF4}
2011-11-21 23:28:28 -------- d-----w- c:\users\fname lname\appdata\local\{CD4BEE6E-7943-4620-A2D4-455584C6648A}
2011-11-21 13:10:11 -------- d-----w- c:\users\fname lname\appdata\local\{95C078DF-B4F3-44A4-A1BE-81816500434E}
2011-11-21 13:09:49 -------- d-----w- c:\users\fname lname\appdata\local\{CEDEED44-5AD1-42FA-BA17-3118DC229390}
2011-11-20 15:04:02 -------- d-----w- c:\users\fname lname\appdata\local\{7D0491CF-6467-4F6F-8213-9FBA6386A49B}
2011-11-19 14:49:03 -------- d-----w- c:\users\fname lname\appdata\local\{5AA5550D-4D49-4FE2-8DB3-1B3110B9E26C}
2011-11-19 14:48:40 -------- d-----w- c:\users\fname lname\appdata\local\{2AB63947-168B-4A58-AF22-84ED99ACEC8A}
2011-11-19 05:00:47 -------- d-----w- c:\users\fname lname\appdata\local\{677EC099-1463-4A01-AFA0-0437F41D0A8E}
2011-11-19 05:00:19 -------- d-----w- c:\users\fname lname\appdata\local\{ABE254E7-4D19-493C-B06C-56E0D984BCE6}
2011-11-18 13:02:32 -------- d-----w- c:\users\fname lname\appdata\local\{42C31592-94D3-43BE-9897-49188A5D4E78}
2011-11-18 13:02:11 -------- d-----w- c:\users\fname lname\appdata\local\{DFF8EFD6-7263-415B-ACD0-3F79F092BFCF}
2011-11-17 22:55:23 -------- d-----w- c:\users\fname lname\appdata\local\{47EA8728-CEF9-460C-A570-6CCEDD5A80C6}
2011-11-17 22:55:02 -------- d-----w- c:\users\fname lname\appdata\local\{E31105EC-B1EA-45D6-A1B0-628EE23DFAC2}
2011-11-17 12:42:50 -------- d-----w- c:\users\fname lname\appdata\local\{D7512AE7-739D-44BD-8A51-D02BE0E70BB9}
2011-11-17 12:42:29 -------- d-----w- c:\users\fname lname\appdata\local\{1A5ECBAA-D02D-49D3-815E-807BB0B07734}
2011-11-17 02:58:10 -------- d-----w- c:\users\fname lname\appdata\local\{A7F26AAB-BB1D-430D-9ECC-38A57CCD4D23}
2011-11-17 02:57:48 -------- d-----w- c:\users\fname lname\appdata\local\{3D173FDA-F401-46A4-8225-C41C24E8FFDE}
2011-11-17 00:44:16 -------- d-----w- c:\users\fname lname\appdata\local\{A9949550-6522-4FDE-846C-6B4B0FFBD9F8}
2011-11-17 00:43:51 -------- d-----w- c:\users\fname lname\appdata\local\{C0AA4413-2A0F-4E44-9E0F-87166259AC81}
2011-11-16 13:02:19 -------- d-----w- c:\users\fname lname\appdata\local\{6329FB76-F0D9-415A-A6A4-A666E9DE8EEB}
2011-11-16 13:02:09 -------- d-----w- c:\users\fname lname\appdata\local\{13E9122D-6DE7-4CE0-A137-6FA2D8C17572}
.
==================== Find3M ====================
.
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 22:42:19.09 ===============

 

[Sammy22]

DDS Log #2...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/10/2008 3:02:06 AM
System Uptime: 12/15/2011 8:48:49 PM (2 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 14.823 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 5.18 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7563A_________________WX05____\5&28069620&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Optiarc DVD RW AD-7563A ATA Device
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7563A_________________WX05____\5&28069620&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Agere Systems HDA Modem
AIM 7
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
Ask Toolbar
avast! Free Antivirus
AVG 2011
AVG 2012
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
BigFix
Bing Bar
BitTorrent
Bonjour
Browser Address Error Redirector
Camera Assistant Software for Gateway
CamStudio
CDBurnerXP
CleanUp!
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
D3DX10
DivX Setup
Download Updater (AOL LLC)
Express Burn Disc Burning Software
Gateway Games
Gateway Recovery Center Installer
GearDrvs
Google Chrome
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GRE POWERPREP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Jaksta Streaming Media Recorder
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.24)
MP4 Player
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAshampoo Toolbar
Napster
Napster Burn Engine
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
neroxml
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OJOsoft Total Video Converter
PokerStars
POWERPREP II
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
RTC Client API v1.2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/15/2011 8:50:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: NetBT. This service might not be installed.
12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/15/2011 8:50:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/15/2011 8:50:50 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/15/2011 8:49:16 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/15/2011 7:25:53 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12/14/2011 9:09:34 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/13/2011 9:40:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/13/2011 9:33:21 PM, Error: EventLog [6008] - The previous system shutdown at 9:31:38 PM on 12/13/2011 was unexpected.
12/13/2011 11:45:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/13/2011 11:45:24 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2011 11:38:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/13/2011 11:34:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/12/2011 7:48:37 AM, Error: EventLog [6008] - The previous system shutdown at 12:21:48 AM on 12/12/2011 was unexpected.
12/12/2011 12:07:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/12/2011 12:07:43 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 3:13:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater service to connect.
12/11/2011 3:13:39 PM, Error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 3:12:04 PM, Error: EventLog [6008] - The previous system shutdown at 3:10:01 PM on 12/11/2011 was unexpected.
12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
12/11/2011 10:30:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================

 

[Broni]

You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities
If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

Then....

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Sammy22]

Alright, Norton has been deleted.

TDSS Log is below...

21:28:48.0694 5552 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:28:49.0035 5552 ============================================================
21:28:49.0035 5552 Current date / time: 2011/12/16 21:28:49.0035
21:28:49.0035 5552 SystemInfo:
21:28:49.0035 5552
21:28:49.0036 5552 OS Version: 6.0.6002 ServicePack: 2.0
21:28:49.0036 5552 Product type: Workstation
21:28:49.0036 5552 ComputerName: FNAMELNAME-PC
21:28:49.0036 5552 UserName: Fname Lname
21:28:49.0036 5552 Windows directory: C:\Windows
21:28:49.0036 5552 System windows directory: C:\Windows
21:28:49.0036 5552 Processor architecture: Intel x86
21:28:49.0036 5552 Number of processors: 2
21:28:49.0036 5552 Page size: 0x1000
21:28:49.0036 5552 Boot type: Normal boot
21:28:49.0036 5552 ============================================================
21:28:49.0613 5552 Initialize success
21:29:12.0426 5412 ============================================================
21:29:12.0426 5412 Scan started
21:29:12.0426 5412 Mode: Manual;
21:29:12.0426 5412 ============================================================
21:29:17.0641 5412 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:29:17.0671 5412 ACPI - ok
21:29:18.0099 5412 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:29:18.0134 5412 adp94xx - ok
21:29:18.0587 5412 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:29:18.0633 5412 adpahci - ok
21:29:19.0390 5412 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:29:19.0416 5412 adpu160m - ok
21:29:19.0777 5412 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:29:19.0796 5412 adpu320 - ok
21:29:20.0289 5412 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:29:20.0335 5412 AFD - ok
21:29:21.0034 5412 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
21:29:21.0062 5412 AgereSoftModem - ok
21:29:21.0595 5412 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:29:21.0637 5412 agp440 - ok
21:29:22.0090 5412 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:29:22.0120 5412 aic78xx - ok
21:29:22.0353 5412 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:29:22.0375 5412 aliide - ok
21:29:22.0664 5412 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:29:22.0681 5412 amdagp - ok
21:29:22.0941 5412 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:29:22.0996 5412 amdide - ok
21:29:23.0181 5412 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:29:23.0203 5412 AmdK7 - ok
21:29:23.0497 5412 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:29:23.0522 5412 AmdK8 - ok
21:29:24.0421 5412 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:29:24.0447 5412 arc - ok
21:29:24.0928 5412 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:29:24.0955 5412 arcsas - ok
21:29:25.0476 5412 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
21:29:25.0477 5412 aswFsBlk - ok
21:29:26.0176 5412 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
21:29:26.0196 5412 aswMonFlt - ok
21:29:26.0620 5412 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
21:29:26.0641 5412 aswRdr - ok
21:29:27.0083 5412 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
21:29:27.0125 5412 aswSnx - ok
21:29:27.0461 5412 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
21:29:27.0522 5412 aswSP - ok
21:29:27.0993 5412 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
21:29:28.0019 5412 aswTdi - ok
21:29:28.0491 5412 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:28.0516 5412 AsyncMac - ok
21:29:28.0648 5412 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:29:28.0671 5412 atapi - ok
21:29:29.0386 5412 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
21:29:29.0410 5412 AVGIDSDriver - ok
21:29:29.0617 5412 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
21:29:29.0636 5412 AVGIDSEH - ok
21:29:29.0903 5412 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
21:29:29.0923 5412 AVGIDSFilter - ok
21:29:30.0104 5412 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
21:29:30.0116 5412 AVGIDSShim - ok
21:29:30.0912 5412 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
21:29:30.0939 5412 Avgldx86 - ok
21:29:31.0054 5412 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
21:29:31.0078 5412 Avgmfx86 - ok
21:29:31.0636 5412 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
21:29:31.0659 5412 Avgrkx86 - ok
21:29:32.0043 5412 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
21:29:32.0061 5412 Avgtdix - ok
21:29:32.0729 5412 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:29:32.0752 5412 Beep - ok
21:29:33.0181 5412 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:29:33.0207 5412 blbdrive - ok
21:29:33.0408 5412 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:29:33.0445 5412 bowser - ok
21:29:33.0878 5412 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:29:34.0096 5412 BrFiltLo - ok
21:29:34.0273 5412 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:29:34.0289 5412 BrFiltUp - ok
21:29:34.0722 5412 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:29:34.0746 5412 Brserid - ok
21:29:34.0896 5412 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:29:35.0065 5412 BrSerWdm - ok
21:29:35.0465 5412 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:29:35.0486 5412 BrUsbMdm - ok
21:29:36.0048 5412 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:29:36.0074 5412 BrUsbSer - ok
21:29:36.0567 5412 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:29:36.0589 5412 BTHMODEM - ok
21:29:36.0922 5412 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:36.0948 5412 cdfs - ok
21:29:37.0221 5412 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:29:37.0240 5412 circlass - ok
21:29:37.0710 5412 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:29:37.0733 5412 CLFS - ok
21:29:38.0489 5412 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:38.0530 5412 CmBatt - ok
21:29:38.0693 5412 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:29:38.0711 5412 cmdide - ok
21:29:39.0073 5412 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:39.0096 5412 Compbatt - ok
21:29:39.0333 5412 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:29:39.0354 5412 crcdisk - ok
21:29:39.0592 5412 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:29:39.0611 5412 Crusoe - ok
21:29:40.0383 5412 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:29:40.0706 5412 DfsC - ok
21:29:41.0513 5412 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:29:41.0533 5412 disk - ok
21:29:41.0737 5412 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:29:41.0763 5412 drmkaud - ok
21:29:42.0468 5412 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:42.0530 5412 DXGKrnl - ok
21:29:42.0737 5412 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:29:42.0773 5412 E1G60 - ok
21:29:43.0403 5412 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:29:43.0443 5412 Ecache - ok
21:29:44.0129 5412 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:29:44.0175 5412 elxstor - ok
21:29:44.0597 5412 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:29:44.0619 5412 ErrDev - ok
21:29:45.0248 5412 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:29:45.0360 5412 exfat - ok
21:29:45.0861 5412 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:29:46.0185 5412 fastfat - ok
21:29:46.0738 5412 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:29:46.0762 5412 fdc - ok
21:29:46.0859 5412 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:29:46.0878 5412 FileInfo - ok
21:29:47.0305 5412 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:29:47.0324 5412 Filetrace - ok
21:29:47.0486 5412 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:47.0508 5412 flpydisk - ok
21:29:47.0861 5412 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:29:47.0897 5412 FltMgr - ok
21:29:48.0383 5412 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:29:48.0407 5412 fssfltr - ok
21:29:48.0791 5412 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:48.0809 5412 Fs_Rec - ok
21:29:49.0073 5412 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:29:49.0096 5412 gagp30kx - ok
21:29:49.0657 5412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:29:49.0682 5412 GEARAspiWDM - ok
21:29:50.0472 5412 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:29:50.0524 5412 HdAudAddService - ok
21:29:50.0940 5412 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:51.0009 5412 HDAudBus - ok
21:29:51.0427 5412 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:29:51.0455 5412 HidBth - ok
21:29:51.0882 5412 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:29:51.0955 5412 HidIr - ok
21:29:52.0404 5412 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
21:29:52.0429 5412 HidUsb - ok
21:29:52.0540 5412 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:29:52.0581 5412 HpCISSs - ok
21:29:53.0080 5412 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:29:53.0149 5412 HTTP - ok
21:29:53.0511 5412 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:29:53.0527 5412 i2omp - ok
21:29:54.0325 5412 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:29:54.0348 5412 i8042prt - ok
21:29:55.0092 5412 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
21:29:55.0345 5412 ialm - ok
21:29:55.0833 5412 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
21:29:55.0835 5412 iaStor - ok
21:29:56.0516 5412 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:29:56.0560 5412 iaStorV - ok
21:29:57.0539 5412 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:29:57.0674 5412 igfx - ok
21:29:58.0267 5412 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:29:58.0291 5412 iirsp - ok
21:29:58.0604 5412 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:29:58.0620 5412 intelide - ok
21:29:59.0084 5412 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:59.0085 5412 intelppm - ok
21:29:59.0588 5412 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:59.0610 5412 IpFilterDriver - ok
21:29:59.0802 5412 IpInIp - ok
21:30:00.0314 5412 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:30:00.0334 5412 IPMIDRV - ok
21:30:00.0576 5412 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:30:00.0613 5412 IPNAT - ok
21:30:00.0990 5412 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:30:01.0011 5412 IRENUM - ok
21:30:01.0421 5412 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:30:01.0445 5412 isapnp - ok
21:30:01.0893 5412 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:30:02.0044 5412 iScsiPrt - ok
21:30:02.0337 5412 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:30:02.0359 5412 iteatapi - ok
21:30:02.0689 5412 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:30:02.0706 5412 iteraid - ok
21:30:03.0073 5412 JakNDis (36fd6c17ba40fc942cdb798b9e103db9) C:\Windows\system32\DRIVERS\JakNDis.sys
21:30:03.0101 5412 JakNDis - ok
21:30:03.0122 5412 JakNDisMP (36fd6c17ba40fc942cdb798b9e103db9) C:\Windows\system32\DRIVERS\JakNDis.sys
21:30:03.0123 5412 JakNDisMP - ok
21:30:03.0559 5412 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:03.0594 5412 kbdclass - ok
21:30:03.0725 5412 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:30:03.0728 5412 kbdhid - ok
21:30:04.0176 5412 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:30:04.0292 5412 KSecDD - ok
21:30:04.0759 5412 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:04.0763 5412 lltdio - ok
21:30:04.0891 5412 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:30:05.0002 5412 LSI_FC - ok
21:30:05.0359 5412 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:30:05.0401 5412 LSI_SAS - ok
21:30:05.0635 5412 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:30:05.0652 5412 LSI_SCSI - ok
21:30:06.0104 5412 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:30:06.0131 5412 luafv - ok
21:30:06.0367 5412 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
21:30:06.0369 5412 MBAMProtector - ok
21:30:06.0558 5412 MBAMSwissArmy - ok
21:30:06.0875 5412 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:30:06.0876 5412 megasas - ok
21:30:07.0612 5412 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:30:07.0866 5412 MegaSR - ok
21:30:08.0299 5412 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:30:08.0300 5412 Modem - ok
21:30:08.0455 5412 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:30:08.0456 5412 monitor - ok
21:30:08.0993 5412 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:30:09.0017 5412 mouclass - ok
21:30:09.0396 5412 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
21:30:09.0419 5412 mouhid - ok
21:30:09.0776 5412 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:30:09.0799 5412 MountMgr - ok
21:30:10.0272 5412 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:30:10.0311 5412 mpio - ok
21:30:10.0451 5412 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:30:10.0476 5412 mpsdrv - ok
21:30:10.0841 5412 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:30:10.0858 5412 Mraid35x - ok
21:30:11.0377 5412 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:30:11.0416 5412 MRxDAV - ok
21:30:11.0735 5412 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:11.0781 5412 mrxsmb - ok
21:30:12.0218 5412 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:12.0326 5412 mrxsmb10 - ok
21:30:12.0796 5412 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:12.0823 5412 mrxsmb20 - ok
21:30:13.0563 5412 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:30:13.0580 5412 msahci - ok
21:30:13.0686 5412 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:30:13.0690 5412 msdsm - ok
21:30:13.0871 5412 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:30:13.0958 5412 Msfs - ok
21:30:14.0071 5412 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:30:14.0085 5412 msisadrv - ok
21:30:14.0594 5412 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:30:14.0612 5412 MSKSSRV - ok
21:30:14.0903 5412 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:15.0209 5412 MSPCLOCK - ok
21:30:15.0493 5412 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:30:15.0516 5412 MSPQM - ok
21:30:16.0006 5412 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:30:16.0030 5412 MsRPC - ok
21:30:16.0338 5412 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:16.0339 5412 mssmbios - ok
21:30:16.0539 5412 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:30:16.0564 5412 MSTEE - ok
21:30:16.0895 5412 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:30:17.0079 5412 Mup - ok
21:30:17.0331 5412 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:30:17.0350 5412 NativeWifiP - ok
21:30:17.0973 5412 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:30:18.0065 5412 NDIS - ok
21:30:18.0491 5412 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:18.0515 5412 NdisTapi - ok
21:30:18.0687 5412 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:18.0705 5412 Ndisuio - ok
21:30:19.0089 5412 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:19.0124 5412 NdisWan - ok
21:30:19.0203 5412 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:30:19.0222 5412 NDProxy - ok
21:30:19.0329 5412 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:30:19.0332 5412 NetBIOS - ok
21:30:19.0822 5412 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
21:30:19.0932 5412 NETw2v32 - ok
21:30:20.0548 5412 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
21:30:20.0658 5412 NETw3v32 - ok
21:30:21.0582 5412 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
21:30:23.0706 5412 NETw4v32 - ok
21:30:24.0284 5412 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:30:24.0287 5412 nfrd960 - ok
21:30:24.0375 5412 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:30:24.0420 5412 Npfs - ok
21:30:24.0517 5412 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:30:24.0519 5412 nsiproxy - ok
21:30:24.0617 5412 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:30:24.0662 5412 Ntfs - ok
21:30:24.0790 5412 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:30:24.0792 5412 ntrigdigi - ok
21:30:24.0822 5412 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:30:24.0824 5412 Null - ok
21:30:24.0852 5412 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:30:24.0856 5412 nvraid - ok
21:30:24.0896 5412 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:30:24.0903 5412 nvstor - ok
21:30:24.0940 5412 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:30:24.0944 5412 nv_agp - ok
21:30:25.0049 5412 NwlnkFlt - ok
21:30:25.0063 5412 NwlnkFwd - ok
21:30:25.0185 5412 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:30:25.0189 5412 ohci1394 - ok
21:30:25.0287 5412 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:30:25.0291 5412 Parport - ok
21:30:25.0340 5412 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:30:25.0356 5412 partmgr - ok
21:30:25.0385 5412 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:30:25.0387 5412 Parvdm - ok
21:30:25.0456 5412 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:30:25.0462 5412 pci - ok
21:30:25.0577 5412 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:30:25.0579 5412 pciide - ok
21:30:25.0680 5412 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
21:30:25.0685 5412 pcmcia - ok
21:30:25.0952 5412 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:30:25.0968 5412 PEAUTH - ok
21:30:26.0260 5412 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:30:26.0263 5412 PptpMiniport - ok
21:30:26.0299 5412 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:30:26.0301 5412 Processor - ok
21:30:26.0538 5412 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:30:26.0540 5412 PSched - ok
21:30:26.0714 5412 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
21:30:26.0748 5412 PxHelp20 - ok
21:30:27.0138 5412 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:30:27.0159 5412 ql2300 - ok
21:30:27.0442 5412 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:30:27.0446 5412 ql40xx - ok
21:30:27.0492 5412 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:30:27.0508 5412 QWAVEdrv - ok
21:30:27.0550 5412 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:30:27.0552 5412 RasAcd - ok
21:30:27.0688 5412 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:27.0691 5412 Rasl2tp - ok
21:30:27.0778 5412 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:27.0793 5412 RasPppoe - ok
21:30:27.0844 5412 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:30:27.0869 5412 RasSstp - ok
21:30:27.0961 5412 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:30:27.0987 5412 rdbss - ok
21:30:28.0112 5412 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:28.0123 5412 RDPCDD - ok
21:30:28.0195 5412 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:30:28.0241 5412 rdpdr - ok
21:30:28.0349 5412 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:30:28.0351 5412 RDPENCDD - ok
21:30:28.0509 5412 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:30:28.0534 5412 RDPWD - ok
21:30:28.0693 5412 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:30:28.0713 5412 rspndr - ok
21:30:28.0809 5412 RTL8169 (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:30:28.0828 5412 RTL8169 - ok
21:30:28.0964 5412 RTSTOR (68180821fedebb2b373d83a2d8e4e16a) C:\Windows\system32\drivers\RTSTOR.SYS
21:30:28.0995 5412 RTSTOR - ok
21:30:29.0078 5412 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:30:29.0082 5412 sbp2port - ok
21:30:29.0125 5412 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:30:29.0129 5412 sdbus - ok
21:30:29.0398 5412 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:30:29.0400 5412 secdrv - ok
21:30:29.0566 5412 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:30:29.0568 5412 Serenum - ok
21:30:29.0604 5412 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:30:29.0608 5412 Serial - ok
21:30:29.0649 5412 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:30:29.0651 5412 sermouse - ok
21:30:29.0804 5412 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:30:29.0880 5412 sffdisk - ok
21:30:30.0327 5412 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:30:30.0330 5412 sffp_mmc - ok
21:30:30.0402 5412 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:30:30.0433 5412 sffp_sd - ok
21:30:30.0592 5412 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:30:30.0594 5412 sfloppy - ok
21:30:30.0656 5412 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:30:30.0676 5412 sisagp - ok
21:30:30.0710 5412 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:30:30.0712 5412 SiSRaid2 - ok
21:30:30.0850 5412 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:30:30.0853 5412 SiSRaid4 - ok
21:30:30.0929 5412 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:30:30.0933 5412 Smb - ok
21:30:31.0095 5412 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:30:31.0098 5412 spldr - ok
21:30:31.0280 5412 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:30:31.0287 5412 srv - ok
21:30:31.0523 5412 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:30:31.0527 5412 srv2 - ok
21:30:31.0543 5412 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:30:31.0547 5412 srvnet - ok
21:30:31.0756 5412 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
21:30:31.0772 5412 StarOpen - ok
21:30:32.0169 5412 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
21:30:32.0176 5412 STHDA - ok
21:30:32.0494 5412 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:30:32.0497 5412 swenum - ok
21:30:32.0540 5412 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:30:32.0564 5412 Symc8xx - ok
21:30:32.0711 5412 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:30:32.0714 5412 Sym_hi - ok
21:30:32.0758 5412 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:30:32.0761 5412 Sym_u3 - ok
21:30:32.0818 5412 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
21:30:32.0823 5412 SynTP - ok
21:30:33.0168 5412 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:30:33.0185 5412 Tcpip - ok
21:30:33.0591 5412 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:30:33.0596 5412 Tcpip6 - ok
21:30:33.0706 5412 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:30:33.0719 5412 tcpipreg - ok
21:30:33.0846 5412 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:30:33.0859 5412 TDPIPE - ok
21:30:34.0238 5412 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:30:34.0261 5412 TDTCP - ok
21:30:34.0387 5412 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:30:34.0390 5412 tdx - ok
21:30:34.0621 5412 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:30:34.0624 5412 TermDD - ok
21:30:35.0016 5412 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys
21:30:35.0030 5412 tmtdi - ok
21:30:35.0308 5412 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:35.0310 5412 tssecsrv - ok
21:30:35.0369 5412 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:30:35.0371 5412 tunmp - ok
21:30:35.0535 5412 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:30:35.0538 5412 tunnel - ok
21:30:35.0632 5412 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:30:35.0651 5412 uagp35 - ok
21:30:35.0804 5412 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:30:35.0810 5412 udfs - ok
21:30:35.0862 5412 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:30:35.0887 5412 uliagpkx - ok
21:30:36.0034 5412 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:30:36.0040 5412 uliahci - ok
21:30:36.0081 5412 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:30:36.0090 5412 UlSata - ok
21:30:36.0144 5412 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:30:36.0173 5412 ulsata2 - ok
21:30:36.0318 5412 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:30:36.0334 5412 umbus - ok
21:30:36.0383 5412 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:36.0395 5412 usbccgp - ok
21:30:36.0430 5412 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:30:36.0453 5412 usbcir - ok
21:30:36.0558 5412 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:30:36.0561 5412 usbehci - ok
21:30:36.0598 5412 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:30:36.0602 5412 usbhub - ok
21:30:36.0767 5412 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:30:36.0770 5412 usbohci - ok
21:30:37.0003 5412 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:30:37.0006 5412 usbprint - ok
21:30:37.0109 5412 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:37.0154 5412 USBSTOR - ok
21:30:37.0203 5412 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:30:37.0222 5412 usbuhci - ok
21:30:37.0487 5412 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:30:37.0491 5412 usbvideo - ok
21:30:37.0546 5412 UVCFTR (7b8424bbaafbc127c8f55ad6007d6d6b) C:\Windows\system32\Drivers\UVCFTR_S.SYS
21:30:37.0576 5412 UVCFTR - ok
21:30:37.0712 5412 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:37.0734 5412 vga - ok
21:30:37.0779 5412 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:30:37.0782 5412 VgaSave - ok
21:30:37.0842 5412 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:30:37.0868 5412 viaagp - ok
21:30:38.0131 5412 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:30:38.0135 5412 ViaC7 - ok
21:30:38.0307 5412 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:30:38.0321 5412 viaide - ok
21:30:38.0349 5412 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:30:38.0352 5412 volmgr - ok
21:30:38.0394 5412 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:30:38.0422 5412 volmgrx - ok
21:30:38.0599 5412 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:30:38.0605 5412 volsnap - ok
21:30:38.0821 5412 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:30:38.0825 5412 vsmraid - ok
21:30:38.0911 5412 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:30:38.0914 5412 WacomPen - ok
21:30:39.0060 5412 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:39.0078 5412 Wanarp - ok
21:30:39.0097 5412 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:39.0099 5412 Wanarpv6 - ok
21:30:39.0388 5412 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
21:30:39.0392 5412 wanatw - ok
21:30:39.0744 5412 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:30:39.0747 5412 Wd - ok
21:30:39.0811 5412 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:30:39.0839 5412 Wdf01000 - ok
21:30:39.0989 5412 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:39.0990 5412 WmiAcpi - ok
21:30:40.0253 5412 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:30:40.0256 5412 ws2ifsl - ok
21:30:40.0385 5412 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
21:30:40.0390 5412 yukonwlh - ok
21:30:40.0459 5412 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:30:40.0479 5412 \Device\Harddisk0\DR0 - ok
21:30:40.0482 5412 Boot (0x1200) (76a352b69bab15993cd1df7d1ab6fa17) \Device\Harddisk0\DR0\Partition0
21:30:40.0483 5412 \Device\Harddisk0\DR0\Partition0 - ok
21:30:40.0485 5412 Boot (0x1200) (5d0285eb757fb552e206821b1a84bac4) \Device\Harddisk0\DR0\Partition1
21:30:40.0486 5412 \Device\Harddisk0\DR0\Partition1 - ok
21:30:40.0487 5412 ============================================================
21:30:40.0487 5412 Scan finished
21:30:40.0487 5412 ============================================================
21:30:40.0494 4948 Detected object count: 0
21:30:40.0494 4948 Actual detected object count: 0

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Sammy22]

Clearly I am doing something wrong with ComboFix. I have run it three different times and each time it will run for 10 - 20ish minutes and then automatically force close and shutdown my computer. When I reboot, the following dialog box appears..."The Recycle Bin on C:/ is corrupted. Do you want to empty the Recycle Bin for this drive? Yes/No"

aswMBR log is below. I will await further instructions/clarification before proceeding further.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 21:52:24
-----------------------------
21:52:24.011 OS Version: Windows 6.0.6002 Service Pack 2
21:52:24.011 Number of processors: 2 586 0xF0B
21:52:24.014 ComputerName: FNAMELNAME-PC UserName: Fname Lname
21:52:33.269 Initialize success
21:52:34.020 AVAST engine defs: 11121603
21:53:02.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:53:02.325 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
21:53:02.370 Disk 0 MBR read successfully
21:53:02.373 Disk 0 MBR scan
21:53:02.376 Disk 0 Windows VISTA default MBR code
21:53:02.381 Disk 0 scanning sectors +312576705
21:53:02.456 Disk 0 scanning C:\Windows\system32\drivers
21:53:15.727 Service scanning
21:53:17.749 Modules scanning
21:53:26.297 Disk 0 trace - called modules:
21:53:26.315 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:53:26.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865d0810]
21:53:26.321 3 CLASSPNP.SYS[8a7a78b3] -> nt!IofCallDriver -> [0x8552ccb8]
21:53:26.649 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8552e030]
21:53:27.740 AVAST engine scan C:\Windows
21:53:30.396 AVAST engine scan C:\Windows\system32
21:55:28.705 AVAST engine scan C:\Windows\system32\drivers
21:55:38.252 AVAST engine scan C:\Users\Fname Lname
22:06:38.847 File: C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe **INFECTED** Win32:MalOb-HY [Cryp]
22:08:37.134 AVAST engine scan C:\ProgramData
22:15:32.470 Scan finished successfully
22:16:03.854 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
22:16:03.859 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
22:16:49.200 Disk 0 MBR has been saved successfully to "C:\Users\Fname Lname\Desktop\Documents\MBR.dat"
22:16:49.206 The log file has been saved successfully to "C:\Users\Fname Lname\Desktop\Documents\aswMBR.txt"
22:18:17.794 Disk 0 MBR has been saved successfully to "C:\Users\Fname Lname\Desktop\MBR.dat"
22:18:17.799 The log file has been saved successfully to "C:\Users\Fname Lname\Desktop\aswMBR.txt"

 

[Broni]

Re-run Combofix one more time.
If same issue happens and it comes to this:

When I reboot, the following dialog box appears..."The Recycle Bin on C:/ is corrupted. Do you want to empty the Recycle Bin for this drive? Yes/No"

say "Yes".
Then re-run Combofix one more time.
If still same issue try to run it from safe mode.

 

[Sammy22]

Alright, finally got ComboFix to run fine. Log is below...

ComboFix 11-12-16.03 - Fname Lname 12/17/2011 14:50:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1711 [GMT -5:00]
Running from: c:\users\Fname Lname\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Blinkx
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Templates\607885p0r580t127s003l4glr2a8
c:\users\Fname Lname\Documents\~WRL0715.tmp
c:\users\Fname Lname\Documents\~WRL1735.tmp
c:\users\Fname Lname\Taskmgr.exe
c:\windows\$NtUninstallKB37556$
c:\windows\$NtUninstallKB37556$\3159043839\@
c:\windows\$NtUninstallKB37556$\3159043839\bckfg.tmp
c:\windows\$NtUninstallKB37556$\3159043839\cfg.ini
c:\windows\$NtUninstallKB37556$\3159043839\Desktop.ini
c:\windows\$NtUninstallKB37556$\3159043839\keywords
c:\windows\$NtUninstallKB37556$\3159043839\kwrd.dll
c:\windows\$NtUninstallKB37556$\3159043839\L\qnbwvoto
c:\windows\$NtUninstallKB37556$\3159043839\U\00000001.@
c:\windows\$NtUninstallKB37556$\3159043839\U\00000002.@
c:\windows\$NtUninstallKB37556$\3159043839\U\00000004.@
c:\windows\$NtUninstallKB37556$\3159043839\U\80000000.@
c:\windows\$NtUninstallKB37556$\3159043839\U\80000004.@
c:\windows\$NtUninstallKB37556$\3159043839\U\80000032.@
c:\windows\$NtUninstallKB37556$\385693575
c:\windows\iun6002.exe
D:\Autorun.inf
.
-- Previous Run --
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 20:03 . 2011-12-17 20:03 -------- d-----w- c:\users\Fname Lname\AppData\Local\temp
2011-12-17 20:03 . 2011-12-17 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 16:33 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-14 14:56 . 2011-12-14 14:56 -------- d-----w- c:\programdata\WindowsSearch
2011-12-13 23:33 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-13 23:33 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 23:33 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 23:33 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:33 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 23:33 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 23:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-11 15:33 . 2011-12-11 15:33 -------- d-----w- c:\program files\AVG Secure Search
2011-12-01 03:53 . 2011-12-01 03:23 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-12-01 03:42 . 2011-12-01 03:42 -------- d-----w- c:\programdata\Trend Micro
2011-12-01 03:32 . 2011-12-01 03:32 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2011-11-30 04:43 . 2011-11-30 04:45 -------- d-----w- c:\programdata\AVG2012
2011-11-30 02:38 . 2011-11-30 04:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-30 00:33 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-30 00:33 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-30 00:33 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-30 00:33 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-30 00:32 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-30 00:32 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-30 00:32 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-30 00:32 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\programdata\AVAST Software
2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\program files\AVAST Software
2011-11-30 00:09 . 2011-12-01 13:05 -------- d-----w- c:\program files\Trend Micro
2011-11-23 21:06 . 2011-11-23 21:06 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-20 21:02 . 2011-11-09 13:20 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-12 19:40 . 2009-11-12 19:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 15:33 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 15:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-11 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\users\FNAMERE~1\AppData\Local\Temp\knf.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"googletalk"="c:\users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1230828047\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [BU]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-11 827232]
.
c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-6-10 2342912]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&apn_uid=7B01D6FA-80C1-4DAB-A5B8-1DC6210949C9&apn_ptnrs=GG&apn_sauid=235D3102-95C0-41F7-8F76-684365DD26C4&apn_dtid=YYYYYYB3US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Fname Lname\AppData\Roaming\Move Networks
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 15:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-17 15:06:11
ComboFix-quarantined-files.txt 2011-12-17 20:05
.
Pre-Run: 14,525,272,064 bytes free
Post-Run: 14,384,193,536 bytes free
.
- - End Of File - - BC3ED3A223EAF56712635EB5150C0FA4

 

[Broni]

Good

Uninstall Ask Toolbar and McAfee Security Scan Plus, typical foistwares.

Beside AVG I can also see Avast installed.
I suggest you keep AVG off and keep Avast as your AV program.
Let me know.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

SecCenter::
{88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
{B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
{33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

File::
C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk

Folder::
c:\programdata\AVG Secure Search
c:\program files\Common Files\AVG Secure Search
c:\program files\AVG Secure Search
c:\programdata\AVG2012


Driver::
vToolbarUpdater

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"=-
"vProt"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Sammy22]

Ask toolbar and McAfee Security Scan Plus have been deleted.

New ComboFix log below...

ComboFix 11-12-18.01 - Fname Lname 12/18/2011 18:21:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1838 [GMT -5:00]
Running from: c:\users\Fname Lname\Desktop\ComboFix.exe
Command switches used :: c:\users\Fname Lname\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk"
"c:\users\Fname Lname\Documents\Documents\Ke43yta.exe"
"c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG Secure Search
c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
c:\program files\AVG Secure Search\about.gif
c:\program files\AVG Secure Search\avguidx.dll
c:\program files\AVG Secure Search\calc.gif
c:\program files\AVG Secure Search\CleanHistory.gif
c:\program files\AVG Secure Search\configuration.xml
c:\program files\AVG Secure Search\current.gif
c:\program files\AVG Secure Search\Facebook.gif
c:\program files\AVG Secure Search\favicon.ico
c:\program files\AVG Secure Search\feedback.gif
c:\program files\AVG Secure Search\help.gif
c:\program files\AVG Secure Search\icon18.gif
c:\program files\AVG Secure Search\iGearedHelper.dll
c:\program files\AVG Secure Search\labs.gif
c:\program files\AVG Secure Search\lip.exe
c:\program files\AVG Secure Search\MigrationTool.exe
c:\program files\AVG Secure Search\note.gif
c:\program files\AVG Secure Search\PageStatus.gif
c:\program files\AVG Secure Search\PostInstall.exe
c:\program files\AVG Secure Search\radio\bg.gif
c:\program files\AVG Secure Search\radio\play.gif
c:\program files\AVG Secure Search\radio\play_hover.gif
c:\program files\AVG Secure Search\radio\radio.html
c:\program files\AVG Secure Search\radio\radio.js
c:\program files\AVG Secure Search\radio\stations.xml
c:\program files\AVG Secure Search\radio\stop.gif
c:\program files\AVG Secure Search\radio\stop_hover.gif
c:\program files\AVG Secure Search\radio\v_minus.gif
c:\program files\AVG Secure Search\radio\v_minus_1.gif
c:\program files\AVG Secure Search\radio\v_plus.gif
c:\program files\AVG Secure Search\radio\v_plus_1.gif
c:\program files\AVG Secure Search\radio\vol_line_emp.gif
c:\program files\AVG Secure Search\radio\vol_line_full.gif
c:\program files\AVG Secure Search\radio\vol_line_half.gif
c:\program files\AVG Secure Search\remote_configuration.xml
c:\program files\AVG Secure Search\search.gif
c:\program files\AVG Secure Search\SecuredSearch.gif
c:\program files\AVG Secure Search\setup.bmp
c:\program files\AVG Secure Search\toolbar.zip
c:\program files\AVG Secure Search\ToolbarBroker.exe
c:\program files\AVG Secure Search\Uninstall.exe
c:\program files\AVG Secure Search\vprot.exe
c:\program files\AVG Secure Search\weather.gif
c:\program files\AVG Secure Search\windows.gif
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\CommonInstaller\9.0.1\CommonInstaller.exe
c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini
c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1\ScriptHelper.exe
c:\program files\Common Files\AVG Secure Search\ToolBandTlb\9.0.1\toolband
c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
c:\programdata\AVG Secure Search
c:\programdata\AVG Secure Search\9.0.0.18\chrome.manifest
c:\programdata\AVG Secure Search\9.0.0.18\chrome\avg.jar
c:\programdata\AVG Secure Search\9.0.0.18\components\FF4\IToolbarhomewmp.xpt
c:\programdata\AVG Secure Search\9.0.0.18\components\FF4\toolbarhomewmp.dll
c:\programdata\AVG Secure Search\9.0.0.18\components\IToolbarhomewmp.xpt
c:\programdata\AVG Secure Search\9.0.0.18\components\toolbarhomeApi.js
c:\programdata\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll
c:\programdata\AVG Secure Search\9.0.0.18\icon.png
c:\programdata\AVG Secure Search\9.0.0.18\install.rdf
c:\programdata\AVG Secure Search\9.0.0.18\locale\en-US\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\locale\en-US\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\avg.xml
c:\programdata\AVG Secure Search\9.0.0.18\modules\avgJsm.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration_0.css
c:\programdata\AVG Secure Search\9.0.0.18\modules\configuration_0.xul
c:\programdata\AVG Secure Search\9.0.0.18\modules\EmailNotifier.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\HistoryCleaner.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\IOJsm.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\cs\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\cs\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\da\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\da\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\de\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\de\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\en\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\en\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es-es\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es-es\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\es\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\fr\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\fr\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\hu\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\hu\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\id\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\id\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\it\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\it\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ja\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ja\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ko\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ko\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ms\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ms\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\nl\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\nl\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pl\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pl\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt-br\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt-br\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\pt\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ru\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\ru\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sk\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sk\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sr\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\sr\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\tr\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\tr\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-cn\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-cn\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-tw\global.dtd
c:\programdata\AVG Secure Search\9.0.0.18\modules\locale\zh-tw\global.properties
c:\programdata\AVG Secure Search\9.0.0.18\modules\Preferences.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\propertiesJsm.js
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\about.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\ajax-loader.gif
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\calc.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\CleanHistory.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\close.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\current.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\Facebook.gif
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\feedback.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\feedicon.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\help.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\icon_search.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\icon18.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\information-24.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\labs.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\loader.gif
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\note.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\PageStatus.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\questionmarkIcon.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioBg.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioEqu.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioEqu_on.gif
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioHandle.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioMenuArrow_off.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioMenuArrow_on.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioPlay_off.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioPlay_on.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioStop_off.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioStop_on.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioVol.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RadioVolBg.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\RealLogo.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\search.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\SecuredSearch.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\sliderWhite.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\weather.gif
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\window-close.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\windows.png
c:\programdata\AVG Secure Search\9.0.0.18\modules\skin\WMPLogo.png
c:\programdata\AVG2012
c:\programdata\AVG2012\Cfg\admin.cfg
c:\programdata\AVG2012\Cfg\changecfgreg.cfg
c:\programdata\AVG2012\Cfg\csl.cfg
c:\programdata\AVG2012\Cfg\emssrv.cfg
c:\programdata\AVG2012\Cfg\erd.cfg
c:\programdata\AVG2012\Cfg\idp.cfg
c:\programdata\AVG2012\Cfg\krnl.cfg
c:\programdata\AVG2012\Cfg\mail.cfg
c:\programdata\AVG2012\Cfg\mailsrv.cfg
c:\programdata\AVG2012\Cfg\mailsrvvsapi.cfg
c:\programdata\AVG2012\Cfg\malrep.cfg
c:\programdata\AVG2012\Cfg\scan.cfg
c:\programdata\AVG2012\Cfg\sched.cfg
c:\programdata\AVG2012\Cfg\setup.cfg
c:\programdata\AVG2012\Cfg\spsrv.cfg
c:\programdata\AVG2012\Cfg\update.cfg
c:\programdata\AVG2012\Cfg\updatecomps.cfg
c:\programdata\AVG2012\Cfg\user.cfg
c:\programdata\AVG2012\cfgall\changecfgreg.cfg
c:\programdata\AVG2012\cfgall\falsealarm.cfg
c:\programdata\AVG2012\cfgall\krnlall.cfg
c:\programdata\AVG2012\cfgall\srmall.cfg
c:\programdata\AVG2012\cfgall\updateall.cfg
c:\programdata\AVG2012\cfgall\userall.cfg
c:\programdata\AVG2012\Chjw\1caa3991aa396882.dat
c:\programdata\AVG2012\Chjw\1caa3991aa396882\025bde27-c082-413c-a8cd-4d34e062aa24
c:\programdata\AVG2012\Chjw\1caa3991aa396882\1da2db46-530a-4916-97d0-d528365c7a1a
c:\programdata\AVG2012\Chjw\1caa3991aa396882\92601d74-a65e-4275-8483-d977db2f1a0c
c:\programdata\AVG2012\Chjw\1caa3991aa396882\a1eca464-8c79-4f01-89c9-c63368989718
c:\programdata\AVG2012\Chjw\1caa3991aa396882\a7668827-8663-4d4a-a77e-9c38fe859e13
c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchff.dat
c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchfi.dat
c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchmf.dat
c:\programdata\AVG2012\Chjw\1caa3991aa396882\avgcchmi.dat
c:\programdata\AVG2012\Chjw\1caa3991aa396882\b4140b5c-5952-4104-b17b-4312dad27c19
c:\programdata\AVG2012\Chjw\1caa3991aa396882\ccbf797e-0c2d-4322-bf61-9b2ef1f8526d
c:\programdata\AVG2012\Chjw\1caa3991aa396882\d4937825-fb40-4b47-812b-974de7339525
c:\programdata\AVG2012\Chjw\2c420be0420bada0.dat
c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchff.dat
c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchfi.dat
c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchmf.dat
c:\programdata\AVG2012\Chjw\2c420be0420bada0\avgcchmi.dat
c:\programdata\AVG2012\IDS\config\md5Cache.dat
c:\programdata\AVG2012\IDS\config\quarantinedList.zip
c:\programdata\AVG2012\IDS\config\userList.zip
c:\programdata\AVG2012\log\arklog.cfg
c:\programdata\AVG2012\log\avgcfg.log
c:\programdata\AVG2012\log\avgcfg.log.lock
c:\programdata\AVG2012\log\avgcfgex.log
c:\programdata\AVG2012\log\avgcfgex.log.lock
c:\programdata\AVG2012\log\avgchjw.log
c:\programdata\AVG2012\log\avgchjw.log.1
c:\programdata\AVG2012\log\avgchjw.log.10
c:\programdata\AVG2012\log\avgchjw.log.2
c:\programdata\AVG2012\log\avgchjw.log.3
c:\programdata\AVG2012\log\avgchjw.log.4
c:\programdata\AVG2012\log\avgchjw.log.5
c:\programdata\AVG2012\log\avgchjw.log.6
c:\programdata\AVG2012\log\avgchjw.log.7
c:\programdata\AVG2012\log\avgchjw.log.8
c:\programdata\AVG2012\log\avgchjw.log.9
c:\programdata\AVG2012\log\avgchjw.log.lock
c:\programdata\AVG2012\log\avgchjwsrv.log
c:\programdata\AVG2012\log\avgchjwsrv.log.1
c:\programdata\AVG2012\log\avgchjwsrv.log.10
c:\programdata\AVG2012\log\avgchjwsrv.log.2
c:\programdata\AVG2012\log\avgchjwsrv.log.3
c:\programdata\AVG2012\log\avgchjwsrv.log.4
c:\programdata\AVG2012\log\avgchjwsrv.log.5
c:\programdata\AVG2012\log\avgchjwsrv.log.6
c:\programdata\AVG2012\log\avgchjwsrv.log.7
c:\programdata\AVG2012\log\avgchjwsrv.log.8
c:\programdata\AVG2012\log\avgchjwsrv.log.9
c:\programdata\AVG2012\log\avgchjwsrv.log.lock
c:\programdata\AVG2012\log\avgcore.log
c:\programdata\AVG2012\log\avgcore.log.1
c:\programdata\AVG2012\log\avgcore.log.10
c:\programdata\AVG2012\log\avgcore.log.2
c:\programdata\AVG2012\log\avgcore.log.3
c:\programdata\AVG2012\log\avgcore.log.4
c:\programdata\AVG2012\log\avgcore.log.5
c:\programdata\AVG2012\log\avgcore.log.6
c:\programdata\AVG2012\log\avgcore.log.7
c:\programdata\AVG2012\log\avgcore.log.8
c:\programdata\AVG2012\log\avgcore.log.9
c:\programdata\AVG2012\log\avgcore.log.lock
c:\programdata\AVG2012\log\avgcsl.log
c:\programdata\AVG2012\log\avgcsl.log.1
c:\programdata\AVG2012\log\avgcsl.log.2
c:\programdata\AVG2012\log\avgcsl.log.lock
c:\programdata\AVG2012\log\avgdiagex.log
c:\programdata\AVG2012\log\avgdiagex.log.lock
c:\programdata\AVG2012\log\avgemc.log
c:\programdata\AVG2012\log\avgemc.log.1
c:\programdata\AVG2012\log\avgemc.log.2
c:\programdata\AVG2012\log\avgemc.log.3
c:\programdata\AVG2012\log\avgemc.log.4
c:\programdata\AVG2012\log\avgemc.log.lock
c:\programdata\AVG2012\log\avgexc.log
c:\programdata\AVG2012\log\avgexc.log.lock
c:\programdata\AVG2012\log\avgldr.log
c:\programdata\AVG2012\log\avgldr.log.1
c:\programdata\AVG2012\log\avgldr.log.2
c:\programdata\AVG2012\log\avgldr.log.lock
c:\programdata\AVG2012\log\avglng.log
c:\programdata\AVG2012\log\avglng.log.1
c:\programdata\AVG2012\log\avglng.log.lock
c:\programdata\AVG2012\log\avgmail.cfg
c:\programdata\AVG2012\log\avgns.log
c:\programdata\AVG2012\log\avgns.log.1
c:\programdata\AVG2012\log\avgns.log.10
c:\programdata\AVG2012\log\avgns.log.2
c:\programdata\AVG2012\log\avgns.log.3
c:\programdata\AVG2012\log\avgns.log.4
c:\programdata\AVG2012\log\avgns.log.5
c:\programdata\AVG2012\log\avgns.log.6
c:\programdata\AVG2012\log\avgns.log.7
c:\programdata\AVG2012\log\avgns.log.8
c:\programdata\AVG2012\log\avgns.log.9
c:\programdata\AVG2012\log\avgns.log.lock
c:\programdata\AVG2012\log\avgpostinst.log
c:\programdata\AVG2012\log\avgpostinst.log.lock
c:\programdata\AVG2012\log\avgrs.log
c:\programdata\AVG2012\log\avgrs.log.1
c:\programdata\AVG2012\log\avgrs.log.10
c:\programdata\AVG2012\log\avgrs.log.2
c:\programdata\AVG2012\log\avgrs.log.3
c:\programdata\AVG2012\log\avgrs.log.4
c:\programdata\AVG2012\log\avgrs.log.5
c:\programdata\AVG2012\log\avgrs.log.6
c:\programdata\AVG2012\log\avgrs.log.7
c:\programdata\AVG2012\log\avgrs.log.8
c:\programdata\AVG2012\log\avgrs.log.9
c:\programdata\AVG2012\log\avgrs.log.lock
c:\programdata\AVG2012\log\avgscan.log
c:\programdata\AVG2012\log\avgscan.log.1
c:\programdata\AVG2012\log\avgscan.log.10
c:\programdata\AVG2012\log\avgscan.log.2
c:\programdata\AVG2012\log\avgscan.log.3
c:\programdata\AVG2012\log\avgscan.log.4
c:\programdata\AVG2012\log\avgscan.log.5
c:\programdata\AVG2012\log\avgscan.log.6
c:\programdata\AVG2012\log\avgscan.log.7
c:\programdata\AVG2012\log\avgscan.log.8
c:\programdata\AVG2012\log\avgscan.log.9
c:\programdata\AVG2012\log\avgscan.log.lock
c:\programdata\AVG2012\log\avgsched.log
c:\programdata\AVG2012\log\avgsched.log.1
c:\programdata\AVG2012\log\avgsched.log.10
c:\programdata\AVG2012\log\avgsched.log.2
c:\programdata\AVG2012\log\avgsched.log.3
c:\programdata\AVG2012\log\avgsched.log.4
c:\programdata\AVG2012\log\avgsched.log.5
c:\programdata\AVG2012\log\avgsched.log.6
c:\programdata\AVG2012\log\avgsched.log.7
c:\programdata\AVG2012\log\avgsched.log.8
c:\programdata\AVG2012\log\avgsched.log.9
c:\programdata\AVG2012\log\avgsched.log.lock
c:\programdata\AVG2012\log\avgsrm.log
c:\programdata\AVG2012\log\avgsrm.log.1
c:\programdata\AVG2012\log\avgsrm.log.2
c:\programdata\AVG2012\log\avgsrm.log.3
c:\programdata\AVG2012\log\avgsrm.log.4
c:\programdata\AVG2012\log\avgsrm.log.5
c:\programdata\AVG2012\log\avgsrm.log.6
c:\programdata\AVG2012\log\avgsrm.log.7
c:\programdata\AVG2012\log\avgsrm.log.8
c:\programdata\AVG2012\log\avgsrm.log.lock
c:\programdata\AVG2012\log\avgsrmac.log
c:\programdata\AVG2012\log\avgsrmac.log.1
c:\programdata\AVG2012\log\avgsrmac.log.2
c:\programdata\AVG2012\log\avgsrmac.log.lock
c:\programdata\AVG2012\log\avgtbapi.cfg
c:\programdata\AVG2012\log\avgtbapi.log.lock
c:\programdata\AVG2012\log\avgtdi.log
c:\programdata\AVG2012\log\avgtdi.log.1
c:\programdata\AVG2012\log\avgtdi.log.lock
c:\programdata\AVG2012\log\avgual.2011-11-29.log
c:\programdata\AVG2012\log\avgual.log
c:\programdata\AVG2012\log\avgual.log.lock
c:\programdata\AVG2012\log\avgui.log
c:\programdata\AVG2012\log\avgui.log.1
c:\programdata\AVG2012\log\avgui.log.10
c:\programdata\AVG2012\log\avgui.log.2
c:\programdata\AVG2012\log\avgui.log.3
c:\programdata\AVG2012\log\avgui.log.4
c:\programdata\AVG2012\log\avgui.log.5
c:\programdata\AVG2012\log\avgui.log.6
c:\programdata\AVG2012\log\avgui.log.7
c:\programdata\AVG2012\log\avgui.log.8
c:\programdata\AVG2012\log\avgui.log.9
c:\programdata\AVG2012\log\avgui.log.lock
c:\programdata\AVG2012\log\avguidraw.log
c:\programdata\AVG2012\log\avguidraw.log.1
c:\programdata\AVG2012\log\avguidraw.log.lock
c:\programdata\AVG2012\log\avguilog.cfg
c:\programdata\AVG2012\log\avgupd.log
c:\programdata\AVG2012\log\avgupd.log.1
c:\programdata\AVG2012\log\avgupd.log.2
c:\programdata\AVG2012\log\avgupd.log.lock
c:\programdata\AVG2012\log\avgupdm.log
c:\programdata\AVG2012\log\avgwd.log
c:\programdata\AVG2012\log\avgwd.log.1
c:\programdata\AVG2012\log\avgwd.log.10
c:\programdata\AVG2012\log\avgwd.log.2
c:\programdata\AVG2012\log\avgwd.log.3
c:\programdata\AVG2012\log\avgwd.log.4
c:\programdata\AVG2012\log\avgwd.log.5
c:\programdata\AVG2012\log\avgwd.log.6
c:\programdata\AVG2012\log\avgwd.log.7
c:\programdata\AVG2012\log\avgwd.log.8
c:\programdata\AVG2012\log\avgwd.log.9
c:\programdata\AVG2012\log\avgwd.log.lock
c:\programdata\AVG2012\log\avgwdsvc.log
c:\programdata\AVG2012\log\avgwdsvc.log.1
c:\programdata\AVG2012\log\avgwdsvc.log.2
c:\programdata\AVG2012\log\avgwdsvc.log.3
c:\programdata\AVG2012\log\avgwdsvc.log.4
c:\programdata\AVG2012\log\avgwdsvc.log.5
c:\programdata\AVG2012\log\avgwdsvc.log.6
c:\programdata\AVG2012\log\avgwdsvc.log.7
c:\programdata\AVG2012\log\avgwdsvc.log.lock
c:\programdata\AVG2012\log\cfgexlog.cfg
c:\programdata\AVG2012\log\cfglog.cfg
c:\programdata\AVG2012\log\chjwlog.cfg
c:\programdata\AVG2012\log\commonpriv.log
c:\programdata\AVG2012\log\commonpriv.log.1
c:\programdata\AVG2012\log\commonpriv.log.10
c:\programdata\AVG2012\log\commonpriv.log.2
c:\programdata\AVG2012\log\commonpriv.log.3
c:\programdata\AVG2012\log\commonpriv.log.4
c:\programdata\AVG2012\log\commonpriv.log.5
c:\programdata\AVG2012\log\commonpriv.log.6
c:\programdata\AVG2012\log\commonpriv.log.7
c:\programdata\AVG2012\log\commonpriv.log.8
c:\programdata\AVG2012\log\commonpriv.log.9
c:\programdata\AVG2012\log\commonpriv.log.lock
c:\programdata\AVG2012\log\corelog.cfg
c:\programdata\AVG2012\log\csllog.cfg
c:\programdata\AVG2012\log\emclog.cfg
c:\programdata\AVG2012\log\fixcfg.log
c:\programdata\AVG2012\log\fixcfg.log.1
c:\programdata\AVG2012\log\fixcfg.log.lock
c:\programdata\AVG2012\log\history.xml
c:\programdata\AVG2012\log\ldrlog.cfg
c:\programdata\AVG2012\log\lnglog.cfg
c:\programdata\AVG2012\log\lscanlog.cfg
c:\programdata\AVG2012\log\nslog.cfg
c:\programdata\AVG2012\log\privlog.cfg
c:\programdata\AVG2012\log\publog.cfg
c:\programdata\AVG2012\log\rslog.cfg
c:\programdata\AVG2012\log\scanlog.cfg
c:\programdata\AVG2012\log\schedlog.cfg
c:\programdata\AVG2012\log\srmlog.cfg
c:\programdata\AVG2012\log\tdilog.cfg
c:\programdata\AVG2012\log\updlog.cfg
c:\programdata\AVG2012\log\vault.log
c:\programdata\AVG2012\log\vault.log.1
c:\programdata\AVG2012\log\vault.log.2
c:\programdata\AVG2012\log\vault.log.3
c:\programdata\AVG2012\log\vault.log.4
c:\programdata\AVG2012\log\vault.log.5
c:\programdata\AVG2012\log\vault.log.lock
c:\programdata\AVG2012\log\vaultlog.cfg
c:\programdata\AVG2012\log\wdlog.cfg
c:\programdata\AVG2012\log\wdsvclog.cfg
c:\programdata\AVG2012\lsdb\prev\prvcache.dat
c:\programdata\AVG2012\lsdb\prev\prvglbl.dat
c:\programdata\AVG2012\scanlogs\I_00000001.log
c:\programdata\AVG2012\scanlogs\I_00000003.log
c:\programdata\AVG2012\scanlogs\I_00000004.log
c:\programdata\AVG2012\scanlogs\I_00000005.log
c:\programdata\AVG2012\scanlogs\I_00000006.log
c:\programdata\AVG2012\scanlogs\I_00000007.log
c:\programdata\AVG2012\scanlogs\I_00000008.log
c:\programdata\AVG2012\scanlogs\I_00000009.log
c:\programdata\AVG2012\scanlogs\I_00000010.log
c:\programdata\AVG2012\scanlogs\I_00000011.log
c:\programdata\AVG2012\scanlogs\I_00000012.log
c:\programdata\AVG2012\scanlogs\I_00000013.log
c:\programdata\AVG2012\scanlogs\I_00000014.log
c:\programdata\AVG2012\scanlogs\I_00000015.log
c:\programdata\AVG2012\scanlogs\I_00000016.log
c:\programdata\AVG2012\scanlogs\I_00000017.log
c:\programdata\AVG2012\scanlogs\I_00000018.log
c:\programdata\AVG2012\scanlogs\I_00000019.log
c:\programdata\AVG2012\scanlogs\I_00000020.log
c:\programdata\AVG2012\scanlogs\I_00000021.log
c:\programdata\AVG2012\scanlogs\I_00000022.log
c:\programdata\AVG2012\scanlogs\I_00000023.log
c:\programdata\AVG2012\scanlogs\I_00000024.log
c:\programdata\AVG2012\scanlogs\I_00000025.log
c:\programdata\AVG2012\scanlogs\I_00000026.log
c:\programdata\AVG2012\scanlogs\I_00000027.log
c:\programdata\AVG2012\scanlogs\I_00000028.log
c:\programdata\AVG2012\scanlogs\I_00000029.log
c:\programdata\AVG2012\scanlogs\I_00000030.log
c:\programdata\AVG2012\scanlogs\I_00000031.log
c:\programdata\AVG2012\scanlogs\I_00000032.log
c:\programdata\AVG2012\scanlogs\I_00000033.log
c:\programdata\AVG2012\scanlogs\I_00000034.log
c:\programdata\AVG2012\scanlogs\I_00000035.log
c:\programdata\AVG2012\scanlogs\I_00000036.log
c:\programdata\AVG2012\scanlogs\I_00000037.log
c:\programdata\AVG2012\scanlogs\I_00000038.log
c:\programdata\AVG2012\scanlogs\I_00000039.log
c:\programdata\AVG2012\scanlogs\I_00000040.log
c:\programdata\AVG2012\scanlogs\I_00000041.log
c:\programdata\AVG2012\scanlogs\I_00000042.log
c:\programdata\AVG2012\scanlogs\I_00000043.log
c:\programdata\AVG2012\scanlogs\I_00000044.log
c:\programdata\AVG2012\scanlogs\I_00000045.log
c:\programdata\AVG2012\scanlogs\I_00000046.log
c:\programdata\AVG2012\scanlogs\I_00000047.log
c:\programdata\AVG2012\scanlogs\I_00000048.log
c:\programdata\AVG2012\scanlogs\I_00000049.log
c:\programdata\AVG2012\scanlogs\I_00000050.log
c:\programdata\AVG2012\scanlogs\I_00000051.log
c:\programdata\AVG2012\scanlogs\I_00000052.log
c:\programdata\AVG2012\scanlogs\I_00000053.log
c:\programdata\AVG2012\scanlogs\I_00000054.log
c:\programdata\AVG2012\scanlogs\I_00000055.log
c:\programdata\AVG2012\scanlogs\I_00000056.log
c:\programdata\AVG2012\scanlogs\I_00000057.log
c:\programdata\AVG2012\scanlogs\I_00000058.log
c:\programdata\AVG2012\scanlogs\I_00000059.log
c:\programdata\AVG2012\scanlogs\I_00000060.log
c:\programdata\AVG2012\scanlogs\I_00000061.log
c:\programdata\AVG2012\scanlogs\I_00000062.log
c:\programdata\AVG2012\scanlogs\I_00000063.log
c:\programdata\AVG2012\scanlogs\I_00000064.log
c:\programdata\AVG2012\scanlogs\I_00000065.log
c:\programdata\AVG2012\scanlogs\I_00000066.log
c:\programdata\AVG2012\scanlogs\I_00000067.log
c:\programdata\AVG2012\scanlogs\I_00000068.log
c:\programdata\AVG2012\scanlogs\I_00000069.log
c:\programdata\AVG2012\scanlogs\I_00000070.log
c:\programdata\AVG2012\scanlogs\I_00000071.log
c:\programdata\AVG2012\scanlogs\I_00000072.log
c:\programdata\AVG2012\scanlogs\I_00000073.log
c:\programdata\AVG2012\scanlogs\I_00000074.log
c:\programdata\AVG2012\scanlogs\I_00000075.log
c:\programdata\AVG2012\scanlogs\I_00000076.log
c:\programdata\AVG2012\scanlogs\I_00000077.log
c:\programdata\AVG2012\scanlogs\I_00000078.log
c:\programdata\AVG2012\scanlogs\I_00000079.log
c:\programdata\AVG2012\scanlogs\I_00000080.log
c:\programdata\AVG2012\scanlogs\I_00000081.log
c:\programdata\AVG2012\scanlogs\I_00000082.log
c:\programdata\AVG2012\scanlogs\I_00000083.log
c:\programdata\AVG2012\scanlogs\I_00000084.log
c:\programdata\AVG2012\scanlogs\I_00000085.log
c:\programdata\AVG2012\scanlogs\I_00000086.log
c:\programdata\AVG2012\scanlogs\I_00000087.log
c:\programdata\AVG2012\scanlogs\I_00000088.log
c:\programdata\AVG2012\scanlogs\I_00000089.log
c:\programdata\AVG2012\scanlogs\I_00000090.log
c:\programdata\AVG2012\scanlogs\I_00000091.log
c:\programdata\AVG2012\scanlogs\I_00000092.log
c:\programdata\AVG2012\scanlogs\I_00000093.log
c:\programdata\AVG2012\scanlogs\I_00000094.log
c:\programdata\AVG2012\scanlogs\I_00000095.log
c:\programdata\AVG2012\scanlogs\I_00000096.log
c:\programdata\AVG2012\scanlogs\I_00000097.log
c:\programdata\AVG2012\scanlogs\I_00000098.log
c:\programdata\AVG2012\scanlogs\I_00000099.log
c:\programdata\AVG2012\scanlogs\I_00000100.log
c:\programdata\AVG2012\scanlogs\I_00000101.log
c:\programdata\AVG2012\scanlogs\I_00000102.log
c:\programdata\AVG2012\scanlogs\I_00000103.log
c:\programdata\AVG2012\scanlogs\I_00000104.log
c:\programdata\AVG2012\scanlogs\I_00000105.log
c:\programdata\AVG2012\scanlogs\I_00000106.log
c:\programdata\AVG2012\scanlogs\I_00000107.log
c:\programdata\AVG2012\scanlogs\I_00000108.log
c:\programdata\AVG2012\scanlogs\I_00000109.log
c:\programdata\AVG2012\scanlogs\I_00000110.log
c:\programdata\AVG2012\scanlogs\I_00000111.log
c:\programdata\AVG2012\scanlogs\I_00000112.log
c:\programdata\AVG2012\scanlogs\I_00000113.log
c:\programdata\AVG2012\scanlogs\I_00000114.log
c:\programdata\AVG2012\scanlogs\I_00000115.log
c:\programdata\AVG2012\scanlogs\I_00000116.log
c:\programdata\AVG2012\scanlogs\I_00000117.log
c:\programdata\AVG2012\scanlogs\I_00000118.log
c:\programdata\AVG2012\scanlogs\I_00000119.log
c:\programdata\AVG2012\scanlogs\I_00000120.log
c:\programdata\AVG2012\scanlogs\I_00000121.log
c:\programdata\AVG2012\scanlogs\I_00000122.log
c:\programdata\AVG2012\scanlogs\I_00000123.log
c:\programdata\AVG2012\scanlogs\I_00000124.log
c:\programdata\AVG2012\scanlogs\I_00000125.log
c:\programdata\AVG2012\scanlogs\I_00000126.log
c:\programdata\AVG2012\scanlogs\I_00000127.log
c:\programdata\AVG2012\scanlogs\I_00000128.log
c:\programdata\AVG2012\scanlogs\I_00000129.log
c:\programdata\AVG2012\scanlogs\I_00000130.log
c:\programdata\AVG2012\scanlogs\I_00000131.log
c:\programdata\AVG2012\scanlogs\I_00000132.log
c:\programdata\AVG2012\scanlogs\I_00000133.log
c:\programdata\AVG2012\scanlogs\I_00000134.log
c:\programdata\AVG2012\scanlogs\I_00000135.log
c:\programdata\AVG2012\scanlogs\I_00000136.log
c:\programdata\AVG2012\scanlogs\I_00000137.log
c:\programdata\AVG2012\scanlogs\I_00000138.log
c:\programdata\AVG2012\scanlogs\I_00000139.log
c:\programdata\AVG2012\scanlogs\I_00000140.log
c:\programdata\AVG2012\scanlogs\I_00000141.log
c:\programdata\AVG2012\scanlogs\I_00000142.log
c:\programdata\AVG2012\scanlogs\I_00000143.log
c:\programdata\AVG2012\scanlogs\I_00000144.log
c:\programdata\AVG2012\scanlogs\I_00000145.log
c:\programdata\AVG2012\scanlogs\I_00000146.log
c:\programdata\AVG2012\scanlogs\I_00000147.log
c:\programdata\AVG2012\scanlogs\I_00000148.log
c:\programdata\AVG2012\scanlogs\I_00000149.log
c:\programdata\AVG2012\scanlogs\I_00000150.log
c:\programdata\AVG2012\scanlogs\I_00000151.log
c:\programdata\AVG2012\scanlogs\I_00000152.log
c:\programdata\AVG2012\scanlogs\I_00000153.log
c:\programdata\AVG2012\scanlogs\I_00000154.log
c:\programdata\AVG2012\scanlogs\I_00000155.log
c:\programdata\AVG2012\scanlogs\I_00000156.log
c:\programdata\AVG2012\scanlogs\I_00000157.log
c:\programdata\AVG2012\scanlogs\I_00000158.log
c:\programdata\AVG2012\scanlogs\I_00000159.log
c:\programdata\AVG2012\scanlogs\I_00000160.log
c:\programdata\AVG2012\scanlogs\I_00000161.log
c:\programdata\AVG2012\scanlogs\I_00000162.log
c:\programdata\AVG2012\scanlogs\I_00000163.log
c:\programdata\AVG2012\scanlogs\I_00000164.log
c:\programdata\AVG2012\scanlogs\I_00000165.log
c:\programdata\AVG2012\scanlogs\I_00000166.log
c:\programdata\AVG2012\scanlogs\I_00000167.log
c:\programdata\AVG2012\scanlogs\I_00000168.log
c:\programdata\AVG2012\scanlogs\I_00000169.log
c:\programdata\AVG2012\scanlogs\I_00000170.log
c:\programdata\AVG2012\scanlogs\I_00000171.log
c:\programdata\AVG2012\scanlogs\I_00000172.log
c:\programdata\AVG2012\scanlogs\I_00000173.log
c:\programdata\AVG2012\scanlogs\I_00000174.log
c:\programdata\AVG2012\scanlogs\I_00000175.log
c:\programdata\AVG2012\scanlogs\I_00000176.log
c:\programdata\AVG2012\scanlogs\I_00000177.log
c:\programdata\AVG2012\scanlogs\I_00000178.log
c:\programdata\AVG2012\scanlogs\I_00000179.log
c:\programdata\AVG2012\scanlogs\I_00000180.log
c:\programdata\AVG2012\scanlogs\I_00000181.log
c:\programdata\AVG2012\scanlogs\I_00000182.log
c:\programdata\AVG2012\scanlogs\I_00000183.log
c:\programdata\AVG2012\scanlogs\I_00000184.log
c:\programdata\AVG2012\scanlogs\I_00000185.log
c:\programdata\AVG2012\scanlogs\I_00000186.log
c:\programdata\AVG2012\scanlogs\I_00000187.log
c:\programdata\AVG2012\scanlogs\I_00000188.log
c:\programdata\AVG2012\scanlogs\I_00000189.log
c:\programdata\AVG2012\scanlogs\I_00000190.log
c:\programdata\AVG2012\scanlogs\I_00000191.log
c:\programdata\AVG2012\scanlogs\I_00000192.log
c:\programdata\AVG2012\scanlogs\I_00000193.log
c:\programdata\AVG2012\scanlogs\I_00000194.log
c:\programdata\AVG2012\scanlogs\I_00000195.log
c:\programdata\AVG2012\scanlogs\I_00000196.log
c:\programdata\AVG2012\scanlogs\I_00000197.log
c:\programdata\AVG2012\scanlogs\I_00000198.log
c:\programdata\AVG2012\scanlogs\I_00000199.log
c:\programdata\AVG2012\scanlogs\I_00000200.log
c:\programdata\AVG2012\scanlogs\I_00000201.log
c:\programdata\AVG2012\scanlogs\I_00000202.log
c:\programdata\AVG2012\scanlogs\I_00000203.log
c:\programdata\AVG2012\scanlogs\I_00000204.log
c:\programdata\AVG2012\scanlogs\I_00000205.log
c:\programdata\AVG2012\scanlogs\I_00000206.log
c:\programdata\AVG2012\scanlogs\I_00000207.log
c:\programdata\AVG2012\scanlogs\I_00000208.log
c:\programdata\AVG2012\scanlogs\I_00000209.log
c:\programdata\AVG2012\scanlogs\I_00000210.log
c:\programdata\AVG2012\scanlogs\I_00000211.log
c:\programdata\AVG2012\scanlogs\I_00000212.log
c:\programdata\AVG2012\scanlogs\I_00000213.log
c:\programdata\AVG2012\scanlogs\I_00000214.log
c:\programdata\AVG2012\scanlogs\I_00000215.log
c:\programdata\AVG2012\scanlogs\I_00000216.log
c:\programdata\AVG2012\scanlogs\I_00000217.log
c:\programdata\AVG2012\scanlogs\I_00000218.log
c:\programdata\AVG2012\scanlogs\I_00000219.log
c:\programdata\AVG2012\scanlogs\I_00000220.log
c:\programdata\AVG2012\scanlogs\I_00000221.log
c:\programdata\AVG2012\scanlogs\I_00000222.log
c:\programdata\AVG2012\scanlogs\I_00000223.log
c:\programdata\AVG2012\scanlogs\I_00000224.log
c:\programdata\AVG2012\scanlogs\I_00000225.log
c:\programdata\AVG2012\scanlogs\I_00000226.log
c:\programdata\AVG2012\scanlogs\I_00000227.log
c:\programdata\AVG2012\scanlogs\I_00000228.log
c:\programdata\AVG2012\scanlogs\I_00000229.log
c:\programdata\AVG2012\scanlogs\I_00000230.log
c:\programdata\AVG2012\scanlogs\I_00000231.log
c:\programdata\AVG2012\scanlogs\I_00000232.log
c:\programdata\AVG2012\scanlogs\I_00000233.log
c:\programdata\AVG2012\scanlogs\I_00000234.log
c:\programdata\AVG2012\scanlogs\I_00000235.log
c:\programdata\AVG2012\scanlogs\I_00000236.log
c:\programdata\AVG2012\scanlogs\I_00000237.log
c:\programdata\AVG2012\scanlogs\I_00000238.log
c:\programdata\AVG2012\scanlogs\I_00000239.log
c:\programdata\AVG2012\scanlogs\I_00000240.log
c:\programdata\AVG2012\scanlogs\I_00000241.log
c:\programdata\AVG2012\scanlogs\I_00000242.log
c:\programdata\AVG2012\scanlogs\I_00000243.log
c:\programdata\AVG2012\scanlogs\I_00000244.log
c:\programdata\AVG2012\scanlogs\I_00000245.log
c:\programdata\AVG2012\scanlogs\I_00000246.log
c:\programdata\AVG2012\scanlogs\I_00000247.log
c:\programdata\AVG2012\scanlogs\I_00000248.log
c:\programdata\AVG2012\scanlogs\I_00000249.log
c:\programdata\AVG2012\scanlogs\I_00000250.log
c:\programdata\AVG2012\scanlogs\I_00000251.log
c:\programdata\AVG2012\scanlogs\I_00000252.log
c:\programdata\AVG2012\scanlogs\I_00000253.log
c:\programdata\AVG2012\scanlogs\I_00000254.log
c:\programdata\AVG2012\scanlogs\I_00000255.log
c:\programdata\AVG2012\scanlogs\I_00000256.log
c:\programdata\AVG2012\scanlogs\I_00000257.log
c:\programdata\AVG2012\scanlogs\I_00000258.log
c:\programdata\AVG2012\scanlogs\I_00000259.log
c:\programdata\AVG2012\scanlogs\I_00000260.log
c:\programdata\AVG2012\scanlogs\I_00000261.log
c:\programdata\AVG2012\scanlogs\I_00000262.log
c:\programdata\AVG2012\scanlogs\I_00000263.log
c:\programdata\AVG2012\scanlogs\I_00000264.log
c:\programdata\AVG2012\scanlogs\I_00000265.log
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 23:37 . 2011-12-18 23:43 -------- d-----w- c:\users\Fname Lname\AppData\Local\temp
2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 16:33 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-14 14:56 . 2011-12-14 14:56 -------- d-----w- c:\programdata\WindowsSearch
2011-12-13 23:33 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-13 23:33 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-13 23:33 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 23:33 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:33 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 23:33 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 23:32 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-01 03:53 . 2011-12-01 03:23 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-12-01 03:42 . 2011-12-01 03:42 -------- d-----w- c:\programdata\Trend Micro
2011-12-01 03:32 . 2011-12-01 03:32 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2011-11-30 02:38 . 2011-11-30 04:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-30 00:33 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-30 00:33 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-30 00:33 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-30 00:33 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-30 00:32 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-30 00:32 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-30 00:32 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-30 00:32 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\programdata\AVAST Software
2011-11-30 00:31 . 2011-11-30 00:31 -------- d-----w- c:\program files\AVAST Software
2011-11-30 00:09 . 2011-12-01 13:05 -------- d-----w- c:\program files\Trend Micro
2011-11-23 21:06 . 2011-11-23 21:06 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-20 21:02 . 2011-11-09 13:20 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-12 19:40 . 2009-11-12 19:41 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 15:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\users\FNAMERE~1\AppData\Local\Temp\knf.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"googletalk"="c:\users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1230828047\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Fname Lname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-10-26 28256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 03:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
FF - ProfilePath - c:\users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - %profile%\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Fname Lname\AppData\Roaming\Move Networks
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.

 

[Sammy22]

Cont'd...

- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Camera Assistant Software for Gateway\CEC_MAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2011-12-18 18:50:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 23:49
ComboFix2.txt 2011-12-17 20:06
.
Pre-Run: 14,375,690,240 bytes free
Post-Run: 14,103,633,920 bytes free
.
- - End Of File - - D47781FFB149C3A5A6402B1EAB3740D5

 

[Broni]

Good

I made a typo in my previous reply.
I meant you keep AVG uninstalled and you use Avast as your AV program.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Sammy22]

Computer is running fine.

OTL.txt log...

OTL logfile created on: 12/18/2011 7:31:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fname Lname\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
6.18 Gb Paging File | 5.02 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.12 Gb Total Space | 13.18 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

Computer Name: FNAMELNAME-PC | User Name: Fname Lname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/12 18:34:37 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/09/06 21:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/07/12 18:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 18:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/25 19:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/12 18:34:38 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/13 19:59:05 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/10 15:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/12/18 12:38:22 | 002,490,368 | ---- | M] () -- C:\Program Files\Common Files\Common Share\Filters\FFDShow\ffdshow.ax
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-110309-193829)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/12/10 23:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/07/12 18:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/30 22:23:25 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/26 15:47:28 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDisMP)
DRV - [2010/10/26 15:47:28 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDis)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/02/29 03:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/09/06 21:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/29 17:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/16 02:18:38 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb01ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ff&clid=00fbc1ff0a8644ba825c0c74651ff15b&subid=3067"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5319
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Fname Lname\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Fname Lname\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/19 21:57:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/19 21:57:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/13 22:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 22:27:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/12 18:34:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Fname Lname\AppData\Roaming\Move Networks [2009/10/22 18:57:08 | 000,000,000 | ---D | M]

[2009/01/09 14:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Extensions
[2011/12/18 18:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions
[2009/08/08 23:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/19 23:31:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/06 10:48:11 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/03/12 19:06:30 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/30 07:08:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/04 22:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/16 21:04:48 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\gamebox@toolbar
[2011/03/04 22:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\extensions\staged-xpis
[2010/03/12 19:07:05 | 000,002,267 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\aim-search.xml
[2011/02/23 19:38:49 | 000,002,567 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml
[2010/01/20 11:19:10 | 000,000,923 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\conduit.xml
[2011/11/29 23:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 20:58:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/12 19:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 19:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/24 18:34:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/05 18:40:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/11 10:33:02 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Fname Lname\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Fname Lname\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: DivX HiQ = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Poppit = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/12/18 18:42:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1230828047\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [googletalk] C:\Users\Fname Lname\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAF4D33-7DB6-4444-BC33-F443AE1E03F9}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB31D837-0957-4C15-BFD6-41483FD56E7D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fname Lname\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fname Lname\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

 

[Sammy22]

OTL.txt cont'd...

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 19:29:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
[2011/12/18 18:50:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/18 18:50:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\temp
[2011/12/18 18:42:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/17 09:12:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F0481BE8-D586-40AF-AE2C-8DB2CEC85FAE}
[2011/12/17 09:09:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EEFD7FE5-F457-4C42-A277-C9A99B27E71B}
[2011/12/16 23:52:52 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5DB9C2D2-C884-40D6-ACB7-E59DBC6790F5}
[2011/12/16 23:45:27 | 004,343,835 | R--- | C] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
[2011/12/16 23:39:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{871E3265-F494-49CA-8E5F-CF46589D10E8}
[2011/12/16 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CE3FFB42-953A-4132-8E4B-30FE3857F381}
[2011/12/16 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D9B59AE6-3278-4795-B63F-98288E3A00BF}
[2011/12/16 22:43:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/16 22:43:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/16 22:43:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/16 22:39:51 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{03306ABB-B957-4D0B-A4AA-978844CF80EE}
[2011/12/16 22:39:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{78A275ED-C99C-4013-8951-CC62D753E519}
[2011/12/16 22:22:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/16 22:21:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/16 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E51F10CE-AACE-47E8-B2FC-4DE870118458}
[2011/12/16 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{456BDD91-4634-475C-BD3F-7C610E5D408B}
[2011/12/16 20:30:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B6B8EB49-6A91-4C3C-B8D6-7EB2236858F1}
[2011/12/16 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{9FE60277-DDA5-46EE-820C-8C01357D4B49}
[2011/12/16 08:03:39 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{53210B75-847B-4AE1-9B13-9617C437611D}
[2011/12/16 08:03:34 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{871AADD2-B666-4819-9538-77EFD0A2795D}
[2011/12/15 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{ADE71AE9-9B4D-46A5-B134-F7730EC1678C}
[2011/12/15 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DFF8D878-2D9F-4041-B558-605F3E1302C2}
[2011/12/15 08:00:51 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{38A1C4DF-6B79-4376-A636-86D2FE17A0E9}
[2011/12/15 08:00:36 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8C78F3FF-4ABA-41B3-B13C-4928EDDBF4F2}
[2011/12/14 20:50:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EB89C177-6E17-4588-9280-E77E0392698F}
[2011/12/14 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A00577AC-AF7A-4923-9075-4E1222A207C8}
[2011/12/14 09:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/12/14 07:54:37 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{52D0C189-24D2-4B09-90F6-3120E7054EAC}
[2011/12/14 07:54:22 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{653F728F-03FD-4E86-990F-625C76E0C1BF}
[2011/12/13 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{593CE855-6329-4112-A134-71A15A55DE7B}
[2011/12/13 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{81D750CB-37D8-401F-9138-DD22F9EC9CB8}
[2011/12/13 18:15:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B8CC1A4C-3D7C-40D2-A1C5-4C02264A28B9}
[2011/12/13 07:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{743A54C9-A92D-4BBB-B563-0AC222AE128C}
[2011/12/13 07:58:58 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E3EA28CE-75A2-4E39-B0A9-2254063AB45A}
[2011/12/12 21:49:32 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3C516639-0929-4E0F-8B74-AA91DE7C4AC6}
[2011/12/12 21:49:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8988CAC5-1825-4613-8EA5-766D58569F67}
[2011/12/12 17:55:31 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F4805897-6267-4606-A9AA-72A486764C60}
[2011/12/12 17:55:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{152FA511-39F9-4D99-9101-019919132B0E}
[2011/12/12 07:54:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{78AF7FBF-8419-466B-A0F0-9FBDECA9423B}
[2011/12/12 07:54:21 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8D4F97A0-ABEB-4B76-87AF-9F90FBA9BC2E}
[2011/12/11 14:05:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A9B6FBF1-6DB2-4D5F-9567-EABD954A16E3}
[2011/12/11 14:05:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3C046837-54D5-4862-9009-DC5ABBC49A7C}
[2011/12/11 10:19:22 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{290D27C9-BF77-481B-9904-96BC47708D22}
[2011/12/11 10:19:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8BE8B0F7-FB82-4CD1-8A81-C79AFB6530BD}
[2011/12/10 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{17A956AF-52EF-4489-A126-ED593F795A4C}
[2011/12/10 22:34:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{91D7F1A0-8F99-42A2-A7D7-3F93B66DA41D}
[2011/12/10 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{52C2DB27-E8B2-447F-A3F2-B49E5B7E1C4E}
[2011/12/10 09:29:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A7F8ACCD-86F1-41D4-A74F-E417BC95AB7A}
[2011/12/09 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{71D4FA57-5F62-4D02-AFE6-4221F0EF0A35}
[2011/12/09 22:43:12 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FCC84171-3731-488C-A371-800674A373A7}
[2011/12/09 17:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2C2161FA-E954-4AB1-85C5-4A2AF78CE229}
[2011/12/09 17:05:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C48B8FF1-C0C4-4504-97C3-9E3E10A945EB}
[2011/12/08 17:58:32 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5354FF42-3DB0-4417-837E-AFB36FF2E864}
[2011/12/08 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{58528AEC-872A-46DF-B890-9C20281C2ED4}
[2011/12/08 08:00:42 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B74472AC-4E3B-404A-8005-B6873950F252}
[2011/12/08 08:00:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FB86E75D-F52A-4F51-8112-1A71AB078FF8}
[2011/12/07 18:02:06 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{AF0F43C5-23C7-4606-8E05-67F05268D289}
[2011/12/07 18:01:54 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B57C035D-AD91-4F38-A50E-0D407D8491DD}
[2011/12/07 08:00:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CA8E0B6D-78ED-4287-B723-0B8A18AA8D95}
[2011/12/07 08:00:43 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2780868F-DD11-45D3-A7BC-1004223BE700}
[2011/12/06 18:21:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{36DB32AD-F60F-4C1D-A8C5-2F6CEB9033C4}
[2011/12/06 18:21:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3841C196-22AE-4D36-8F4F-6D5840DA71DA}
[2011/12/06 08:07:27 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4A2899C1-D37F-46FB-AD07-4AB56EF995BD}
[2011/12/06 08:07:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2F69187E-8BAB-4FF5-899D-0942EA12F1F7}
[2011/12/05 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DC4829C6-6FAF-4BDE-AFC4-E03AF03A54A3}
[2011/12/05 18:15:04 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4424DE16-D8EE-4450-B18C-1264E2FF1B13}
[2011/12/05 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D83DED76-5815-4BC4-8741-D6B8D9CA1586}
[2011/12/05 08:04:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{D806AD2A-1DF2-4E88-BAB8-5041FDF73A41}
[2011/12/04 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B0D16FD4-FAD1-41F2-9D0D-AB2C413C0ACE}
[2011/12/04 09:53:44 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{88EE9727-A028-4295-A681-CA737D6B0128}
[2011/12/03 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4BFC9364-226F-415D-A868-2F58F7A770EC}
[2011/12/03 09:56:10 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{65089BEA-756F-42C0-88B1-D0107CE4CF8A}
[2011/12/02 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{26D41BB7-DBC7-4F21-9DF9-3C082BF8DD8E}
[2011/12/02 20:28:21 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F38551ED-6BEA-4B85-A6C3-8EA726FD153C}
[2011/12/02 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{55F173B2-899A-4643-B4B7-6B0D61D1FF95}
[2011/12/02 18:14:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A767DD70-3E0E-4065-8073-9F9C36F2CBD7}
[2011/12/02 08:07:36 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5D233606-072D-4E01-A9D8-1A042119274C}
[2011/12/02 08:07:24 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4C6F518C-C909-4F85-AE1A-3F814944FECB}
[2011/12/01 17:56:05 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{75B147F5-9389-4F64-932B-B7543FC076C5}
[2011/12/01 17:55:53 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{70A58D7A-3BD5-4A05-B424-F456DA84DF8B}
[2011/12/01 08:09:53 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{BFC2F997-1E01-4BCC-93AF-2193CC78D237}
[2011/12/01 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{48D9EAC0-8C2F-49C3-AE23-DBEC268A519E}
[2011/11/30 22:53:22 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2011/11/30 22:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/11/30 22:42:23 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B1B9CCE5-07EE-43BE-980F-DF9A1F2F355B}
[2011/11/30 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B5C37A32-7F53-47E9-B58B-CAACF03730C1}
[2011/11/30 17:56:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4BF7D56C-CFB1-4559-B821-317825C588F6}
[2011/11/30 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{4579AA29-7CBA-494F-90D7-2BE506341DB0}
[2011/11/30 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B75C84A0-707F-4080-B676-6EC14A74347B}
[2011/11/30 08:11:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3D488A34-269C-4023-8C00-3B5E5F3C1F95}
[2011/11/29 23:37:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A73E9E47-408C-4E96-99A1-0E8A58CECFCD}
[2011/11/29 23:37:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{589B1D1D-16FA-476B-BDE6-7D0E214A4C75}
[2011/11/29 21:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/11/29 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/29 19:33:30 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/29 19:33:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/29 19:33:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/29 19:33:00 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/29 19:32:57 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/29 19:32:54 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/29 19:32:12 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/29 19:32:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/29 19:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/29 19:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/29 19:27:45 | 062,844,032 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2011/11/29 19:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/29 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E93A4C1C-17AC-4A32-B879-215B16E09882}
[2011/11/29 12:13:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{3FF6016A-9D7F-43DE-88DC-CC7F382FFDD5}
[2011/11/29 08:08:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7A74A1CC-1F6D-4E04-B1DF-36CE072B45E4}
[2011/11/29 08:07:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E7794804-8CEB-4043-824C-FE698C22DD43}
[2011/11/28 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{174C6A31-A1A9-4802-9E1E-173CC099B2ED}
[2011/11/28 17:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C6627B21-2C75-4EEA-BF41-0B604E1ED978}
[2011/11/28 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B70513A6-A212-45E1-B629-A40C53124A27}
[2011/11/28 08:06:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A0EF3092-7A47-4B46-9E9E-71AC15DC0003}
[2011/11/27 13:35:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{717A19F1-67AE-4DE4-8663-764987529A8A}
[2011/11/27 13:35:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EF49DADB-027D-425E-99C9-15CD08F21416}
[2011/11/27 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{EB9AFA10-F61C-4DBD-A4B5-4F6CBF468D63}
[2011/11/27 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7180099B-308F-4C36-B328-F9AB9F67A606}
[2011/11/26 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{BE594E07-6B8F-4C7E-827A-AD897227263F}
[2011/11/25 14:30:27 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{38FFA232-C039-4F4C-9C36-BE2167C1A301}
[2011/11/25 14:30:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8970C49C-3EAA-47AB-9885-6F9699D9B5A6}
[2011/11/25 12:49:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DF19B9DD-8A62-4E5C-B3E8-8A10C07911A9}
[2011/11/25 12:49:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{21B11D31-F445-418A-9658-6F87FE3C1FBA}
[2011/11/25 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{8CB350D2-7B83-4FE7-BB6C-413174613EA6}
[2011/11/25 10:43:28 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7A5FA540-08C8-439A-8988-44C2AD7358D7}
[2011/11/24 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F0B9542E-BEBA-4317-BBD7-C8E6485E85CA}
[2011/11/24 23:39:59 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E07366B8-D3BB-489A-9954-C0DCDCDC3711}
[2011/11/24 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2E436EE3-05DC-4F5A-88BA-CB438F1FFF7D}
[2011/11/24 20:59:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{DFAFACCE-A417-431F-B003-5D874DD3342B}
[2011/11/24 13:30:17 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{74FEACA2-676B-46DC-887F-0BAC8654540D}
[2011/11/24 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{1B78BE29-CD47-4DA4-9BCA-7626B2F98B29}
[2011/11/24 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5A212C01-A0CF-40E3-A303-F5F898020F41}
[2011/11/24 13:02:58 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5AAAAB42-5495-4464-B0D2-8D534D33186C}
[2011/11/24 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{65554DAE-A846-45E0-813D-42B819FA267A}
[2011/11/24 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{74002668-6F92-4C69-BAC4-A84BF57FE22B}
[2011/11/24 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{378E4D86-4136-4B80-A0CD-163D2A1C6E7F}
[2011/11/24 11:44:24 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{00B0D81A-0A4E-4200-8F6E-48668031402C}
[2011/11/24 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{94C2E2A1-2758-4E06-B56E-26A589C0F7FE}
[2011/11/24 10:47:16 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{49950FA5-DA01-47AC-85B1-94C78D210DD4}
[2011/11/23 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{E9A3B058-04A9-4450-8EA2-B1C505C33E6E}
[2011/11/23 23:21:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{FF92CD3F-7290-462A-9B01-7F41364B20BE}
[2011/11/23 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B7BEB154-31F3-4CC6-80D3-2203451078CD}
[2011/11/23 19:48:09 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{91298011-A38C-43BD-8419-900B2989B815}
[2011/11/23 19:47:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{43AE4660-5901-4760-8D99-F3FCBA1CEF0E}
[2011/11/23 19:08:45 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{0B0996BD-CA5D-490F-B1CA-314BD33E4EEE}
[2011/11/23 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{F24487EF-43B0-415F-8102-9878B789F766}
[2011/11/23 16:06:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/23 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{0116AE6E-17CD-4106-ADA9-44BEC919F2CE}
[2011/11/22 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{A213DD3C-0378-4FF5-AA49-AD9770EAF914}
[2011/11/22 19:12:59 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{102DF5BC-D167-4B88-AF49-CB07E1F15CB6}
[2011/11/22 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{79397ED6-C5F4-4D13-A6EF-2FB385B325C4}
[2011/11/22 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{40120A0E-DE78-4FBE-86BE-C6D0171B7470}
[2011/11/22 08:16:56 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{6CB6EBC8-DD06-4E8D-A535-42B6D9F8A33B}
[2011/11/22 08:16:35 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{C38DCB21-5A48-48DE-B1F4-E6D21CCB3C00}
[2011/11/21 18:28:49 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{B1C4A133-57F6-406B-80E1-76A392E6FDF4}
[2011/11/21 18:28:28 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CD4BEE6E-7943-4620-A2D4-455584C6648A}
[2011/11/21 08:10:11 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{95C078DF-B4F3-44A4-A1BE-81816500434E}
[2011/11/21 08:09:49 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{CEDEED44-5AD1-42FA-BA17-3118DC229390}
[2011/11/20 10:04:02 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{7D0491CF-6467-4F6F-8213-9FBA6386A49B}
[2011/11/19 09:49:03 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{5AA5550D-4D49-4FE2-8DB3-1B3110B9E26C}
[2011/11/19 09:48:40 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{2AB63947-168B-4A58-AF22-84ED99ACEC8A}
[2011/11/19 00:00:47 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{677EC099-1463-4A01-AFA0-0437F41D0A8E}
[2011/11/19 00:00:19 | 000,000,000 | ---D | C] -- C:\Users\Fname Lname\AppData\Local\{ABE254E7-4D19-493C-B06C-56E0D984BCE6}
[2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
[2011/12/18 19:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 19:07:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 18:42:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/18 18:39:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 18:39:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 18:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 18:18:52 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
[2011/12/16 22:18:17 | 000,000,512 | ---- | M] () -- C:\Users\Fname Lname\Desktop\MBR.dat
[2011/12/16 12:47:10 | 000,138,240 | ---- | M] () -- C:\Users\Fname Lname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 08:06:05 | 140,567,986 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
[2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
[2011/12/15 08:19:29 | 000,400,384 | ---- | M] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
[2011/12/14 08:06:23 | 000,000,000 | ---- | M] () -- C:\Users\Fname Lname\AppData\Local\prvlcl.dat
[2011/12/14 07:48:00 | 000,303,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
[2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
[2011/12/13 22:29:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/12 18:47:59 | 000,394,298 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/12 08:26:34 | 000,000,575 | ---- | M] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\GAApplication(Rev 6-05) - Shortcut.lnk
[2011/12/11 17:11:18 | 000,775,636 | ---- | M] () -- C:\Users\Fname Lname\Desktop\Transcript.pdf
[2011/12/04 10:23:00 | 000,000,124 | ---- | M] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
[2011/11/30 23:12:59 | 000,615,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/30 23:12:59 | 000,107,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/30 22:27:50 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
[2011/11/30 22:23:25 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2011/11/29 19:33:32 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/29 19:28:28 | 062,844,032 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
[2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/25 14:50:30 | 000,044,527 | ---- | M] () -- C:\Users\Fname Lname\Desktop\pic2.jpg
[2011/11/24 20:50:07 | 340,265,739 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 22:43:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/16 22:43:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/16 22:43:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/16 22:43:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/16 22:43:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/16 22:18:17 | 000,000,512 | ---- | C] () -- C:\Users\Fname Lname\Desktop\MBR.dat
[2011/12/15 08:19:29 | 000,400,384 | ---- | C] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
[2011/12/15 08:19:23 | 000,001,268 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
[2011/12/15 08:19:23 | 000,001,268 | -HS- | C] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
[2011/12/13 20:03:00 | 000,011,534 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
[2011/12/13 20:03:00 | 000,011,534 | -HS- | C] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
[2011/12/12 08:26:34 | 000,000,575 | ---- | C] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\GAApplication(Rev 6-05) - Shortcut.lnk
[2011/12/04 10:23:00 | 000,000,124 | ---- | C] () -- C:\Users\Fname Lname\Application Data\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
[2011/11/30 22:27:50 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2011/11/29 19:33:32 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/29 12:28:16 | 000,003,710 | -HS- | C] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
[2011/11/29 12:28:16 | 000,003,710 | -HS- | C] () -- C:\ProgramData\2e01oq0m46k223
[2011/11/25 14:49:03 | 000,044,527 | ---- | C] () -- C:\Users\Fname Lname\Desktop\pic2.jpg
[2011/11/24 12:04:14 | 340,265,739 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/20 20:23:18 | 000,000,058 | ---- | C] () -- C:\Windows\OSA.INI
[2011/02/18 18:18:19 | 000,000,680 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\d3d9caps.dat
[2010/09/06 10:38:20 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/05/06 22:38:32 | 000,000,000 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\prvlcl.dat
[2009/09/07 10:28:05 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2009/08/04 17:06:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 17:06:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/01/09 12:18:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/01 20:56:10 | 000,017,089 | ---- | C] () -- C:\Users\Fname Lname\AppData\Roaming\UserTile.png
[2009/01/01 18:43:46 | 000,138,240 | ---- | C] () -- C:\Users\Fname Lname\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 11:44:49 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/06/10 01:43:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/10 01:43:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/10 01:43:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/10 01:43:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/10 01:41:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/05 00:33:35 | 000,360,448 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,303,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,615,914 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,107,922 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2010/03/12 19:06:29 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\acccore
[2010/09/06 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Ashampoo
[2011/12/14 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\BitTorrent
[2010/09/06 10:38:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Canneverbe Limited
[2011/11/13 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1
[2011/11/13 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl
[2011/03/05 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Jaksta
[2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n
[2010/09/10 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\NCH Swift Sound
[2011/11/13 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ
[2009/01/01 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\PeerNetworking
[2011/11/13 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3
[2011/05/22 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic
[2009/01/02 00:03:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\SampleView
[2010/12/18 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\SecondLife
[2011/11/13 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY
[2009/01/01 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\WildTangent
[2011/05/24 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Windows Live Writer
[2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw
[2011/12/18 18:37:59 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/05 00:22:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/18 18:50:01 | 000,051,125 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/09/07 10:27:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/12 19:06:04 | 000,000,361 | -H-- | M] () -- C:\IPH.PH
[2008/06/10 02:22:08 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2009/09/07 10:27:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/18 18:38:53 | 3524,980,736 | -HS- | M] () -- C:\pagefile.sys
[2008/06/10 02:27:51 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2011/12/17 22:43:34 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2009/01/01 11:40:38 | 000,000,067 | -H-- | M] () -- C:\T4Metrics.log
[2011/12/16 21:36:59 | 000,074,464 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_21.28.48_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/13 11:07:18 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/12/04 10:23:00 | 000,000,124 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Already tagged.URL
[2011/08/22 17:54:10 | 000,000,286 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/18 18:18:52 | 004,343,835 | R--- | M] (Swearware) -- C:\Users\Fname Lname\Desktop\ComboFix.exe
[2011/12/18 19:29:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fname Lname\Desktop\OTL.exe
[2 C:\Users\Fname Lname\Desktop\*.tmp files -> C:\Users\Fname Lname\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/01 11:37:21 | 000,000,402 | -HS- | M] () -- C:\Users\Fname Lname\Favorites\desktop.ini
[2011/08/22 18:36:51 | 000,000,264 | ---- | M] () -- C:\Users\Fname Lname\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
[2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
[2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
[2011/11/30 22:27:50 | 000,005,115 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2011/12/16 22:16:03 | 000,000,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\MBR.dat

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >

 

[Sammy22]

Extras.txt log...

OTL Extras logfile created on: 12/18/2011 7:31:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fname Lname\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.86% Memory free
6.18 Gb Paging File | 5.02 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.12 Gb Total Space | 13.18 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 5.18 Gb Free Space | 43.43% Space Free | Partition Type: NTFS

Computer Name: FNAMELNAME-PC | User Name: Fname Lname | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C3064BF-C002-45A4-A9B6-1B9DF4A1A3C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB90C31C-6558-4C63-99C8-3B30606250D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DF77BEB1-55CB-4690-B555-0EDD1679FA39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E0E85EB1-7912-413D-A9F0-F5D1D18F0B59}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F2218-F041-4F0C-94F6-2E6D7D9FA431}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{04D61EC8-A055-4045-B1F5-14205FD5FBC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{17ED47FE-86E5-43FD-9AE6-DBC2803136D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{22A5BCB1-FCC2-4397-A5B2-AAE001308FDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2BB3B132-139C-45A5-B0C4-2599DBF7F39A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2D07C018-D70E-4B5F-AAE7-BA592D26F710}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{31283935-A67D-4DEA-A488-12F62ADE0528}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{449FD92E-41DA-4DC4-82E5-CB2519407567}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4C0A8B19-7EE0-4905-952E-9360DC223FA8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4C24582A-20A0-4829-8627-2324D53DE07B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5F46BE29-88CF-446D-9C1A-A9BE7AA25F41}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{5FEF3BE1-B2DE-49C7-AFCF-21FFEB7403AE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6A1F6936-D0DA-4D82-A4AB-1556EDF3D028}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6A752F4E-F3B5-4F85-B56C-5FD79BEC1431}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6C6D0389-A798-419A-8DFE-1F0ACDE31083}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D9349BD-EEFA-46BE-9978-FEAB8FDD811B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{738A1A2B-558B-46DD-8832-A1FB9E939E9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76B95CEC-6C3F-4EF0-A4F2-848DE17CDA56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7A870C3F-551E-41E8-87F6-CFF46454FFF6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7EDB53B2-EF5F-4C3B-B971-E5719A1ADB6E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{824F0B2C-B64F-491F-864A-61832C626D68}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii - the warchiefs trial\age3x.exe |
"{8C5714BA-3741-494A-BADF-60CA71EACBF5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{8D16B45A-FF1E-4C73-949B-1F60AE1C9BE1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{96BC04CC-9E64-44EF-886A-73694638A41D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99AC51F6-4F53-4884-9A5D-EEE1C2B1560A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9B58C8F6-03B3-448C-ABCB-F5A6A7B4E4FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{9C35F01F-843C-470A-A465-75C7A9AE8D30}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9CB4DBED-9877-44CC-B055-C3B01E28276F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9D9C2C32-EBF0-4770-A449-379EE1B9AAC2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9F91C8C7-4458-4902-A9A2-73838382223C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A155AF77-718F-48E4-96D6-7BD0211A8496}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A6B1C32B-DB3F-408F-A006-700B8E802508}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B1A0B7EA-7AD6-44EC-A78F-2DB6D2761616}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{C2FF82C1-9730-47F9-B9BF-6C4F98A66AB2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C659EFDB-74DB-47C2-BBB6-45641C936556}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{C8EF8B23-5989-453E-AE13-976833ED5858}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CB20E316-6F64-49B1-B1B3-F0D3608893B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{CFEE9E3D-43DA-4C3C-BB86-955C1EF3A696}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{D20003C7-3862-42AF-87A1-74127506DD16}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii - the warchiefs trial\age3x.exe |
"{D443974C-1F8C-4419-BE41-8C251EE4FE5E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1230828047\ee\aolsoftware.exe |
"{D5A1942F-153C-4430-9562-E96105BB78D7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D7C18357-3C9D-4648-9CC1-1514A7B9B4FC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1230828047\ee\aolsoftware.exe |
"{E46A71BE-4701-40E7-BAE7-106432EEA553}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E994ACCA-D96A-4899-9EAE-FF611676550B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FCFDCC11-5002-42C7-8671-67ED8B2254CF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{34DD82E1-6CF4-4EBD-AA89-CD3B5B78AF2A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{730306FE-5E3D-4B11-96C9-78B4813F2992}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8E424F18-AB71-4F91-9A34-78410D3FA344}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{CDAF655A-C86E-4D2F-A28E-4031DE44BF65}C:\users\Fname Lname\appdata\roaming\macromedia\flash player\" = protocol=6 | dir=in | app=c:\users\Fname Lname\appdata\roaming\macromedia\flash player\ |
"TCP Query User{D4A805BC-7858-4E18-8576-33B38A9E0D17}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3A009AB4-9632-463D-8FEC-620EFF456AB7}C:\users\Fname Lname\appdata\roaming\macromedia\flash player\" = protocol=17 | dir=in | app=c:\users\Fname Lname\appdata\roaming\macromedia\flash player\ |
"UDP Query User{52BB1B1F-DE3D-4D13-AA21-DE6B3162462D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A2D64200-C1A0-475F-90B2-81E5F4D5B04B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ABF3B902-A7E5-4E54-85CE-CB2A8CE77FFA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B0C72184-F8D9-43EC-AEB4-7720FE67B3E9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E094147-7077-45BC-833A-151AD53488F6}" = Jaksta Streaming Media Recorder
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"CleanUp!" = CleanUp!
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Setup.divx.com" = DivX Setup
"ExpressBurn" = Express Burn Disc Burning Software
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GRE POWERPREP" = GRE POWERPREP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MP4 Player" = MP4 Player
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PokerStars" = PokerStars
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Sound Editor
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

 

[Sammy22]

Extras.txt cont'd...

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 2:31:54 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/17/2011 4:12:54 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/17/2011 4:15:46 PM | Computer Name = FnameLname-PC | Source = Application Hang | ID = 1002
Description = The program googletalk.exe version 1.0.0.104 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f80 Start Time: 01ccbcf878aff062 Termination Time: 15

Error - 12/17/2011 4:16:38 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0xc98, application start time 0x01ccbcf8bfdf53e2.

Error - 12/17/2011 11:40:34 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0x470, application start time 0x01ccbd366aa67552.

Error - 12/18/2011 10:36:57 AM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2011 11:24:20 AM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0x588, application start time 0x01ccbd9826cbaf7b.

Error - 12/18/2011 6:52:48 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2011 7:40:42 PM | Computer Name = FnameLname-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/18/2011 8:30:07 PM | Computer Name = FnameLname-PC | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0xd4c, application start time 0x01ccbddff7034ddb.

[ Media Center Events ]
Error - 10/11/2009 10:24:05 PM | Computer Name = FnameLname-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/27/2010 6:36:13 PM | Computer Name = FnameLname-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 2/8/2009 8:40:45 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 480
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/26/2009 11:40:07 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3695
seconds with 360 seconds of active time. This session ended with a crash.

Error - 3/29/2009 9:26:24 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5450
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 3/31/2009 11:26:56 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 749
seconds with 360 seconds of active time. This session ended with a crash.

Error - 4/25/2009 9:31:51 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 86271
seconds with 12840 seconds of active time. This session ended with a crash.

Error - 6/25/2010 9:13:57 PM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3130
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 3/13/2011 1:22:01 AM | Computer Name = FnameLname-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12704
seconds with 2580 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/18/2011 7:35:17 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/18/2011 7:35:17 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/18/2011 7:37:26 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/18/2011 7:37:40 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/18/2011 7:40:43 PM | Computer Name = FnameLname-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >

 

[Broni]

Good news

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-110309-193829)
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  FF - prefs.js..browser.search.defaultengine: "Ask.com"
  FF - prefs.js..browser.search.defaultenginename: "Ask.com"
  FF - prefs.js..browser.search.order.1: "Ask.com"
  FF - prefs.js..browser.search.selectedEngine: "Ask.com"
  FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
  [2011/02/23 19:38:49 | 000,002,567 | ---- | M] () -- C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml
  [2011/12/11 10:33:02 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
  FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\
  CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll
  O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
  O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
  O3 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
  O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Domains: localhost ([]http in Local intranet)
  O15 - HKU\S-1-5-21-710243377-3777013803-3809824090-1000\..Trusted Ranges: GD ([http] in Local intranet)
  O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found
  [2011/12/16 08:06:05 | 140,567,986 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
  [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8
  [2011/12/15 08:19:32 | 000,001,268 | -HS- | M] () -- C:\ProgramData\607885p0r580t127s003l4glr2a8
  [2011/12/15 08:19:29 | 000,400,384 | ---- | M] () -- C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe
  [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7
  [2011/12/13 23:19:57 | 000,011,534 | -HS- | M] () -- C:\ProgramData\543355v4g606c064d538e7hbv5s7
  [2011/12/12 18:47:59 | 000,394,298 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
  [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223
  [2011/11/29 12:30:58 | 000,003,710 | -HS- | M] () -- C:\ProgramData\2e01oq0m46k223
  [2011/11/13 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1
  [2011/11/13 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl
  [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n
  [2011/11/13 20:43:48 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ
  [2011/11/13 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3
  [2011/05/22 19:17:32 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic
  [2011/11/13 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY
  [2011/11/13 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw
  @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D
  1B5B4F1
  
  :Files
  C:\PROGRA~1\AVG
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Sammy22]

OTL log below. I hope everything looks as it is supposed to. I see a lot of "not found" mentions.

Assuming the OTL log looks good, I will proceed with the previously requested scans/directions tomorrow.

Thanks

----

All processes killed
========== OTL ==========
Error: No service named GoogleDesktopManager-110309-193829 was found to stop!
Service\Driver key GoogleDesktopManager-110309-193829 not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
C:\Users\Fname Lname\AppData\Roaming\Mozilla\Firefox\Profiles\2wcv829m.default\searchplugins\askcom.xml moved successfully.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
Prefs.js: avg@igeared:6.010.006.004 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18 not found.
File C:\Users\Fname Lname\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.
Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_USERS\S-1-5-21-710243377-3777013803-3809824090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\ not found.
File {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll File not found not found.
File C:\Windows\System32\drivers\AVG\incavi.avm.old not found.
C:\Users\Fname Lname\AppData\Local\607885p0r580t127s003l4glr2a8 moved successfully.
File C:\ProgramData\607885p0r580t127s003l4glr2a8 not found.
C:\Users\Fname Lname\Documents\Documents\Ke43yta.exe moved successfully.
C:\Users\Fname Lname\AppData\Local\543355v4g606c064d538e7hbv5s7 moved successfully.
File C:\ProgramData\543355v4g606c064d538e7hbv5s7 not found.
File C:\Windows\System32\drivers\AVG\iavichjg.avm not found.
C:\Users\Fname Lname\AppData\Local\2e01oq0m46k223 moved successfully.
File C:\ProgramData\2e01oq0m46k223 not found.
C:\Users\Fname Lname\AppData\Roaming\DVVVrllOBtx0yS1 folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\h88fRRZ9hTXwUCl folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\JIVrlONtx0c1b3n folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\p11uvSS2obF3mGQ folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\QNNyyxA00uS2iF3 folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\Registry Mechanic folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\t9ggTXXqjY folder moved successfully.
C:\Users\Fname Lname\AppData\Roaming\xaQH6sWK7E9TqYw folder moved successfully.
Unable to delete ADS C:\ProgramData\TEMP .
========== FILES ==========
File\Folder C:\PROGRA~1\AVG not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Fname Lname
->Temp folder emptied: 32804 bytes
->Temporary Internet Files folder emptied: 80950 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13364567 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 659 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 172555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Fname Lname
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_225124

Files\Folders moved on Reboot...
File\Folder C:\Users\Fname Lname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{9D31381E-33DE-439E-A40C-AEED4AC31B51}.tmp not found!
File\Folder C:\Users\Fname Lname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{975F121E-28E1-42BE-B02B-2FD22752DDFC}.tmp not found!

Registry entries deleted on Reboot...

 

[Broni]

Go on...........

 

[Sammy22]

Security Check Log...

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
AVG 2012
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player ( 10.3.181.22) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Still running other scans...

 

[Broni]

Uninstall Java(TM) 6 Update 5 .

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

You're running two AV programs, Avast and AVG.
I asked you to keep AVG off of your computer.
Uninstall using AVG Remover.

 

[Sammy22]

Java 6 Update 5 has been deleted. Adobe for IE and Firefox have been updated.
TFC ran without issue or reboot.
AVG Remover ran with the following log:

2011-12-20 03:19:48,947 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2011-12-20 03:19:48,994 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-12-20 03:19:48,994 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-12-20 03:19:48,994 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersionrogramFilesDir (x86) value failed (error: e001003d)
2011-12-20 03:19:48,994 INFO Command line: "C:\Users\Fname Lname\Downloads\avg_remover_stf_x86_2012_1796.exe"
2011-12-20 03:19:48,994 WARN AvgDir param empty.
2011-12-20 03:19:48,994 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG9', use this path as default.
2011-12-20 03:19:54,688 INFO AvgRemover runs in attempt number 1
2011-12-20 03:19:54,688 INFO Attempting to unregister AVG from the Windows Security Center.
2011-12-20 03:19:54,688 INFO Attempting to uninstall toolbar

NOTE:
I ran ESET Online Scanner and it was at the 2 hour 15 min mark (99% of scan completed) before my computer forced closed. At that point, the scan had discovered two infections. I will retry the ESET Scan tomorrow and report back.